Interesting. In most cases, if a hash database leaks, the ability to crack depends on two factors, not one (password and hash difficulty), assuming you are salting properly.
You can specify pretty high difficulty with argon2id etc. I.e., shoot for a one-second runtime with a very high memory requirement (you can go to the GB range even).
So I'm not sure all is always necessarily lost.