by 13of40 1431 days ago
Or use multiple rounds of hashing to generate and validate the hash. IIRC about 5 years ago MS Office was using 500K rounds of SHA512 by default (as a keygen for decrypting documents), which meant about 8 guesses a second on a good machine. Of course you have to keep updating those specs as computing power increases over time.
1 comments

Is there anything stronger than blowfish? Seems like I would just do that 50,000 rounds of blowfish mixed with SHA512 rounds in between randomly. Good luck trying to brute force an excerpt from the Bible written in Japanese backwards using esoteric usage of special characters to top it off.

I expect this to take at least a few millennia to crack.

Every time your password is used, you will experience that hash delay. So, for usability, it would be best to keep it to something not-annoying, and just change your password every once in a while.

> Is there anything stronger than blowfish?

I think you mean bcrypt..

Both Argon2 and scrypt win over that:

https://github.com/P-H-C/phc-winner-argon2

https://www.tarsnap.com/scrypt.html
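
The thread's point that the work factor has to be raised as hardware improves, shown as an added example that is not part of the original thread: scrypt parameters are stored next to each hash, and a successful login under an outdated cost returns a re-hashed record. The record format, the `POLICY` values and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Current work-factor policy (assumed values; raise n as hardware gets faster).
POLICY = {"n": 2**14, "r": 8, "p": 1}
MAXMEM = 64 * 1024 * 1024  # scrypt needs roughly 128 * n * r bytes of memory


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # hashlib.scrypt is memory-hard: cost grows with n in both time and RAM.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=MAXMEM, dklen=32)


def hash_password(password: str, policy: dict = POLICY) -> str:
    """Return 'scrypt$n$r$p$salt_hex$hash_hex' so the cost travels with the hash."""
    salt = os.urandom(16)  # unique per password, defeats precomputed tables
    n, r, p = policy["n"], policy["r"], policy["p"]
    dk = _derive(password, salt, n, r, p)
    return f"scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str, policy: dict = POLICY):
    """Return (ok, new_record); new_record is set when the stored cost differs
    from the current policy and the caller should overwrite the old record."""
    scheme, n, r, p, salt_hex, hash_hex = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unknown scheme")
    n, r, p = int(n), int(r), int(p)
    # Recompute with the parameters the record was created with.
    dk = _derive(password, bytes.fromhex(salt_hex), n, r, p)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(dk, bytes.fromhex(hash_hex)):
        return False, None
    outdated = (n, r, p) != (policy["n"], policy["r"], policy["p"])
    # The plaintext is only available at login, so this is the moment to upgrade.
    return True, (hash_password(password, policy) if outdated else None)
```
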