undefined | Better HN

0 pointsselestify4y ago0 comments

Ah, I see what you mean. Yes, if you don't even have the entire hash, you're kind of out of luck.

> It may be very computationally expensive to brute force the space, but the information is there.

If the password is long enough, it will take longer than the heat death of the universe to brute force the space. So in practice, brute forcing secure passwords might as well be impossible.

0 comments

mlyle4y ago

> Yes, if you don't even have the entire hash, you're kind of out of luck.

Well, no-- I'm saying that if you have 9 guesses, you can get enough of the hash that you can eliminate all of the passwords but 1.

> If the password is long enough, it will take longer than the heat death of the universe to brute force the space. So in practice, brute forcing secure passwords might as well be impossible.

Here, the password has 88-90 bits of entropy. Out of reach to brute force, but just a few characters shorter and it wouldn't be. And, of course, if there's weaknesses in the hash function ever found, it may be able to elide some or all of this search process.

j / k navigate · click thread line to collapse