by chimeracoder 4993 days ago
> Don't think for a second that certain government agencies can't brute force a BCrypt-based password hash, especially given they will know the cost factor and salt.

I have no doubt that government agencies have much more powerful intelligence than people realize. But knowing the salt has no connection to their ability to brute-force; it only affects their ability to use rainbow tables.

(All it does is prevent them from matching up passwords by their hashed values, so for example, if one password is cracked, it protects everyone else who is using the same password.)

But it doesn't provide any protection against brute forcing. Nothing can, short of making the hash function slower (or the password domain larger).
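As an added illustration of the point this comment makes (not code from the thread), the script below uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt, with the iteration count playing the role of bcrypt's cost factor. It shows that a per-account salt keeps two identical passwords from hashing to the same value, that knowing the salt does not reduce the number of candidates an attacker must try, and that only the cost parameter changes the price of each guess. The candidate word list is constructed for the demonstration.

```python
import hashlib
import hmac
import os
import time


def hash_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for bcrypt here (an assumption of this
    # example); `iterations` plays the role of bcrypt's cost factor.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def verify_password(password: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    # Constant-time comparison so the check itself leaks nothing about the hash.
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)


def same_password_different_hashes(password: bytes, iterations: int = 1_000) -> bool:
    # Two accounts with the same password each get their own random salt, so the
    # stored hashes differ and one cracked hash says nothing about the other.
    h1 = hash_password(password, os.urandom(16), iterations)
    h2 = hash_password(password, os.urandom(16), iterations)
    return h1 != h2


def guesses_needed(stored: bytes, salt: bytes, iterations: int, candidates) -> int:
    # Work against one hash when the salt is known (it sits beside the hash in
    # the database). Knowing it does not shrink the candidate list: every
    # candidate still costs one full hash evaluation at the chosen cost.
    for n, candidate in enumerate(candidates, start=1):
        if verify_password(candidate, salt, iterations, stored):
            return n
    return 0  # not found within the candidate list


def seconds_per_guess(iterations: int, trials: int = 10) -> float:
    # Only the cost parameter changes how long each guess takes.
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(trials):
        hash_password(b"benchmark", salt, iterations)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    salt = os.urandom(16)
    stored = hash_password(b"hunter2", salt, 2_000)
    words = [b"letmein", b"password", b"hunter2", b"qwerty"]  # constructed list
    print("guesses needed with known salt:", guesses_needed(stored, salt, 2_000, words))
    print("cost ratio 20k/2k iterations:", seconds_per_guess(20_000) / seconds_per_guess(2_000))
```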