by Someone1234 283 days ago
The weak point is, has been, and will always be people. They're cryptographic hashes of people's chosen passwords. You aren't attacking hypothetical mathematical entropy, you're attacking human imagination and laziness.

It isn't academic either. I have broken tons of cryptographic hashes in my career. Most of my colleagues have too. From DES through bcrypt over tens of years. The cost/performance has slowed, but the techniques haven't changed one bit because PEOPLE haven't changed one bit.

Obviously nobody can crack a sha512 hash likely containing a randomly generated cryptographic number. But that's irrelevant, because we're discussing the Plex security incident where humans created passwords, and humans today, tomorrow, and ten years ago are just as incapable of creating good passwords.

So their claim that these hashes "cannot be read" is inaccurate. If you have a modest budget and want to target a handful of accounts, there are multiple CHEAP cloud services that will happily sell you compute to do so.

1 comments

Some humans use password generators though, so those should be safe.

Some people eat mostly fresh fruits, vegetables, and whole grains.

The other 99.9% enjoy junk food, and don't use password generators.