using decent cryptography correctly, you've just made the problem nearly untractable compared to brute force passwords (which also should be doing things like delays etc.)