Timeline for Will passphrases always be secure?
Current License: CC BY-SA 3.0
5 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 11, 2012 at 23:45 | comment | added | 700 Software | (just in case, to prevent misunderstanding) A modern hash routine (such as bcrypt) can be adjusted for the hardware it runs on. This means that no matter how fast computers get, the hash routine can keep up. There are of course factors to think about such as specialized hardware that completes the routines more efficiently. (GPU comes to mind, though it is limited when it comes to bcrypt) If I was to have my way, hash routines would take 20-200ms. This is very reasonable for a login or signup page, and creates an above-average resistance. (this figure is still subject to attacker hardware) | |
| Apr 11, 2012 at 22:01 | comment | added | Steven Monday | Check out bcrypt. | |
| Apr 11, 2012 at 20:45 | comment | added | Scott Pack | @GeorgeBailey: I'll leave our resident cryptographers to comment conclusively, but so far as I know computers have been increasing in compute power more quickly than hash functions have been increasing in complexity. But, yeah, I was trying to be purposefully conversational. Distributing computation across rented or stolen nodes is definitely worth keeping in mind. | |
| Apr 11, 2012 at 20:41 | comment | added | 700 Software | "As compute power increases on computer systems" New systems should (not to say they would) use a hash function that takes even more computer power, thus keeping the number of guesses down to under 1000 per second. Though you can't count on systems meeting this level of security, and you also need to keep in mind a hacker could rent some more powerful cloud-based resources to run his cracking routines. | |
| Apr 10, 2012 at 21:03 | history | answered | Scott Pack | CC BY-SA 3.0 |