by CyberRage 1022 days ago
IMO good algorithms can only get you so far. Even if you use modern high-resistance hashing, if your user uses 'password1234' it will be cracked. As computation power grows we need to use stronger and stronger passwords; this is a losing game, especially for the average Joe.

Modern solutions move away from passwords to MFA and/or digital/physical tokens, where we can control the security level with high precision.

Users are the weakest link as the author stated.

2 comments

Pair it with a solution like zxcvbn and you can stop your users from their worst impulses as far as passwords.

That's called a dictionary attack and it's not a function of computing power.

If you obtain a hash and want to brute force it with a dictionary attack, the amount of time it takes is still a function of computing power since you have to hash the strings & compare. The success rate is of course not

You don't understand how dictionary attacks work.

1) Dictionaries are TINY compared to the number of possible hashes. Something you could reasonably fit on a single hard drive in many cases. Humans really aren't that creative when it comes to choosing passwords.

2) You don't hash every entry in the dictionary on-the-fly. That's stupid. You store the hashes in a large lookup tree and compare hash-to-hash. There's basically no processing power required, especially compared to actual hashing work.
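
An added example, not part of any comment in this thread: a defender-side audit of a credential store against a known-weak list, contrasting the precomputed hash-to-hash lookup described above with per-user salted PBKDF2 storage, where every candidate has to be hashed again for every account. The account names, the word list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny list standing in for a weak-password dictionary.
WEAK = ["123456", "password1234", "letmein", "qwerty"]

def fast_hash(pw):
    """Unsalted, fast hash: identical passwords always give identical digests."""
    return hashlib.sha256(pw.encode()).hexdigest()

def slow_hash(pw, salt, iterations):
    """Per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)

def audit_unsalted(store, words):
    """One precomputed table serves every account; matching is a dict lookup."""
    table = {fast_hash(w): w for w in words}  # len(words) hashes, computed once
    return {user: table[d] for user, d in store.items() if d in table}

def audit_salted(store, words, iterations):
    """No table can be reused: each (account, candidate) pair costs one KDF call."""
    weak, kdf_calls = {}, 0
    for user, (salt, digest) in store.items():
        for w in words:
            kdf_calls += 1
            if hmac.compare_digest(slow_hash(w, salt, iterations), digest):
                weak[user] = w
                break
    return weak, kdf_calls

def demo(iterations=600_000):
    """Build both kinds of store for the same constructed accounts."""
    # alice and bob share a weak password; carol's is random.
    passwords = {"alice": "password1234", "bob": "password1234",
                 "carol": os.urandom(16).hex()}
    unsalted = {u: fast_hash(p) for u, p in passwords.items()}
    salted = {}
    for u, p in passwords.items():
        salt = os.urandom(16)
        salted[u] = (salt, slow_hash(p, salt, iterations))
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = demo()
    print(audit_unsalted(unsalted, WEAK))
    print(audit_salted(salted, WEAK, 600_000))
```

Both audits flag the same two accounts; what differs is the cost, which for the salted store grows with accounts times candidates times the iteration count.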

What is your point exactly?

Really bizarre response. If you don't have something good to say, don't.