by Zamicol
505 days ago
Password hash functions are designed to be slow, are designed to be used with salts, and may have low entropy inputs. Hash functions themselves are general purpose and don't protect against low entropy inputs (low entropy passwords). They also don't protect against rainbow tables (pre-calculated digests for common or popular passwords). For password hashing you want something slow and something with unique entropy for each user's password to prevent rainbow attacks. It doesn't solve the problem of weak passwords, but it's the best that can be done with weak passwords. The only improvement is to enforce strong passwords.
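Added example, not part of the comment above: a minimal Python sketch contrasting a fast unsalted digest with a slow, per-user salted one. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are assumptions chosen for illustration; the comment does not name a specific algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def fast_unsalted(password):
    """General-purpose hash: fast, and identical for every user with this password."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Slow, salted hash. Returns the record to store: (salt, iterations, digest)."""
    if salt is None:
        salt = os.urandom(16)  # unique random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    _, _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

def precomputed_table(candidates):
    """Digest -> password table built once, reusable against any unsalted dump."""
    return {fast_unsalted(p): p for p in candidates}

def demo():
    common = ["123456", "password", "qwerty"]  # constructed sample list
    table = precomputed_table(common)
    # Two hypothetical users who picked the same weak password.
    alice, bob = hash_password("password"), hash_password("password")
    return {
        "unsalted_found_in_table": fast_unsalted("password") in table,
        "salted_found_in_table": alice[2].hex() in table,
        "same_password_same_record": alice[2] == bob[2],
        "correct_login": verify_password("password", alice),
        "wrong_login": verify_password("passw0rd", alice),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt makes a shared precomputed table useless and the iteration count makes each guess expensive, but a weak password can still be guessed one record at a time, which is the limit the comment describes.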