On Sat, Mar 23, 2019 at 04:59:46PM -0700, Alice Wonder wrote:

> > This is not necessarily true. A hashed password can be brute-forced.
>
> Only with a weak password and/or a weak hash algorithm, and it is harder
> with just the latter.

Yes, but "not weak" in the context of password hashes means something different than in the usual context of collision-resistant message fingerprints. The hash needs to be non-deterministic (randomly salted), and ideally resistant to various space-time and parallelization tradeoffs, which means irreducibly both CPU and memory intensive. Which means algorithms along the lines of Argon2, not SHA2.

--
Viktor.
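
The distinction drawn in the reply above, as an added example that is not part of the original message: a bare SHA-256 digest is deterministic, while a password hash should be randomly salted and memory-hard. Python's standard-library scrypt stands in for Argon2 here (a substitution, since Argon2 is not in the standard library); the function names, the `salt$digest` record format and the cost parameters are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for this example. scrypt needs about
# 128 * N * r bytes of memory per guess, which is 16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024  # allow headroom above the 16 MiB working set


def fast_unsalted(password: str) -> str:
    """Fingerprint-style hash: deterministic, cheap, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, maxmem=MAXMEM, dklen=32)


def hash_password(password: str) -> str:
    """Randomly salted, memory-hard hash, stored as 'salt_hex$digest_hex'."""
    salt = os.urandom(16)  # fresh salt per password makes the output non-deterministic
    return f"{salt.hex()}${_scrypt(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt; malformed records fail closed."""
    try:
        salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False
    return hmac.compare_digest(_scrypt(password, salt), expected)


def scrypt_memory_bytes() -> int:
    """Approximate memory an attacker must commit per parallel guess."""
    return 128 * SCRYPT_N * SCRYPT_R


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("sha256 twice equal:", fast_unsalted(pw) == fast_unsalted(pw))
    first, second = hash_password(pw), hash_password(pw)
    print("scrypt twice equal:", first == second)
    print("verifies:", verify_password(pw, first))
    print("memory per guess (MiB):", scrypt_memory_bytes() // 2**20)
```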