by pork 5225 days ago
You can salt all you want, but an 8 character password with a single round is going to fall very, very fast. Salt, being public, has nothing to do with it.
1 comments

It does however mean you have to spend two days per password, rather than two days for the entire user base, or ten minutes with a pre-existing lookup table.
No, consumer GPUs can do almost a billion SHA1 hashes per second now. We're talking seconds to minutes for "complex" passwords, not days.

http://codahale.com/how-to-safely-store-a-password/
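The distinction the thread draws, per-user salt versus the cost of each guess, is shown below as an added example; it is not code from the thread or from the linked article. It uses PBKDF2-HMAC-SHA256 from the Python standard library as one slow key-derivation function; the record format, function names and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed policy values for this example; tune ITERATIONS to your own hardware.
ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16

def salted_sha1(password, salt):
    """Single-round salted hash discussed in the thread, for comparison only."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()

def hash_password(password, iterations=ITERATIONS, salt=None):
    """Return 'algo$iterations$salt_hex$digest_hex' with a random per-user salt."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"

def _parse(stored):
    """Split a stored record; raises ValueError on any malformed field."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    return algo, int(iters), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)

def verify_password(password, stored):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        algo, iterations, salt, expected = _parse(stored)
    except ValueError:
        return False
    if algo != ALGO or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)

def needs_rehash(stored, policy_iterations=ITERATIONS):
    """True when a record was created below the current cost policy."""
    try:
        algo, iterations, _, _ = _parse(stored)
    except ValueError:
        return True
    return algo != ALGO or iterations < policy_iterations
```

Because the cost is stored in each record, `needs_rehash` lets a login handler re-hash with the current policy right after a successful `verify_password`, without a forced password reset.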