Comments
Froot 7539 7y @runfrodorun I truly doubt you can crack a hash of a password with 10 characters 😉
Edit: I should probably add that I mean a pbkdf2 hash with 1000 iterations of SHA1 and a 1024 bit random salt. I mean, obviously, right? 😄
Froot 7539 7y @runfrodorun Well if you can zero in on the few characters you need to brute force then sure. Tho it really depends on the kind of hash you're looking at. For example a GPU won't be much use on blowfish hashes as far as I know since they require too much memory.
Also, do you realise how many combinations of a 10-digit password there are? Assuming only alphanumeric characters you're looking at 62^10 combinations. That's over 800 000 000 000 000 000 combinations. Btw 3blue1brown has a good video visualising how hard it is to crack SHA256.
Btw what did you mean by hash transmitted over the network? Like file checksums?
Anyhow. You seem to be suggesting that breaking any hash is child's play. So how does that go with cryptocurrencies?
I'm just not very sold on your claims that hash cracking is easy since that flies in the face of almost everything I've learned about hashes.
Edit: This comment may seem a bit odd because I went back and forth adding bits 😄
Froot 7539 7y @runfrodorun What? This is nonsense. So what you're saying is we should all hash our passwords with unsalted MD5s because anything else will be easier to crack.
Citing some research would really help here because it really seems like you're pulling stuff out of your ass.
I'm sorry 😄
Froot 7539 7y @runfrodorun Yea, exactly. So using a better hashing algorithm makes your hashes more secure. Even better if you can run something that is hard to run on a GPU like blowfish.
As for long passwords. Of course you should use long passwords and the longer the better. But try explaining that to users. Memorizing 20-30 20 letter passwords that share no resemblance is hard, really hard.
Also, salting your passwords with a good unique salt is a must. This makes it much harder to crack a database of passwords since the same passwords won't generate the same hashes.
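
Added example, not part of the thread or written by any commenter: the scheme quoted in the comments (PBKDF2, 1000 iterations of SHA1, 1024-bit random salt) built with Python's standard library, showing that a per-password salt gives identical passwords different hashes and putting a number on the 62^10 keyspace. The function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

ITERATIONS = 1000   # iteration count quoted in the thread
SALT_BYTES = 128    # 1024-bit random salt, as quoted in the thread


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh random salt is drawn when none is given."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def keyspace(alphabet: int = 62, length: int = 10) -> int:
    """Number of candidate passwords: 62 alphanumerics, 10 characters."""
    return alphabet ** length


def years_to_exhaust(guesses_per_second: float) -> float:
    """Time to try the whole keyspace at a given (assumed) guess rate."""
    return keyspace() / guesses_per_second / (365 * 24 * 3600)


def measured_guess_rate(samples: int = 200) -> float:
    """PBKDF2 evaluations per second on this machine, single-threaded."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha1", str(i).encode(), salt, ITERATIONS)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    pw = "Tr0ub4dor3x"  # constructed sample password
    (s1, k1), (s2, k2) = hash_password(pw), hash_password(pw)
    print("same password, same hash?", k1 == k2)   # salts differ, so hashes differ
    print("verifies:", verify_password(pw, s1, k1))
    rate = measured_guess_rate()
    print(f"{keyspace():,} candidates; {rate:,.0f} guesses/s here "
          f"-> {years_to_exhaust(rate):,.0f} years to exhaust")
```

The salt is stored next to the derived key; it is not secret, it only forces each stored hash to be attacked separately.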
What the heck kinda password rules are these? Getting away from this credit union as soon as possible...
stupid
password
rules