• Heringssalat@feddit.de
      1 year ago

      KeePass's hashing is a lot better than default MD5 though.
      They use SHA-256, salt and key derivation to increase security.

      But a better password and checking your settings is never a bad idea.

    • tetha@feddit.de
      1 year ago

      The hashing algorithm is important though. I recently had to design some password hashing system and associated parameters. My work laptop can do a couple dozen million md5 attempts a second no problem. It’s like a factor of 100 - 1000 slower than this sheet. Not bad overall.

      However, using the right hashing algorithms with good tuning such as key derivation rounds and hashing rounds and such can slow that thing down to 2 or 3 attempts per second. Even if you had some system a million times faster than my CPU (at which point the NSA will make you offers and you should take them, or else), you won’t break those passwords given their hash. You wouldn’t even break them if they were simple random lower + upper case sequences of low length.
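
An added example, not part of either comment above: it calibrates a key-derivation work factor to a target cost per hash and converts the resulting guess rate into worst-case exhaustive-search time. PBKDF2-HMAC-SHA256 from the Python standard library is an assumed stand-in for whichever KDF is actually deployed; the function names, the 0.3 s target and the sample password are constructed for illustration.

```python
import hashlib
import os
import time

def md5_rate(seconds=0.2):
    """Single-round, unsalted MD5 hashes per second on one core of this CPU."""
    n, end = 0, time.perf_counter() + seconds
    while time.perf_counter() < end:
        hashlib.md5(b"guess%d" % n).digest()
        n += 1
    return n / seconds

def calibrate_pbkdf2(target_seconds=0.3, start=10_000):
    """Double the iteration count until one derivation costs at least
    target_seconds. Returns (iterations, measured_seconds_per_hash)."""
    salt, iters = os.urandom(16), start  # fresh random salt per password
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample", salt, iters)
        dt = time.perf_counter() - t0
        if dt >= target_seconds:
            return iters, dt
        iters *= 2

def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case years to try every string of exactly `length` symbols."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    fast = md5_rate()
    iters, dt = calibrate_pbkdf2()
    slow = 1 / dt
    print(f"MD5:    {fast:,.0f} hashes/s")
    print(f"PBKDF2: {slow:.1f} hashes/s at {iters:,} iterations")
    # Random mixed-case letters (52 symbols), against this CPU and against
    # a hypothetical system a million times faster.
    for length in (8, 10, 12):
        for label, rate in (("this CPU", slow), ("1e6x faster", slow * 1e6)):
            years = years_to_exhaust(52, length, rate)
            print(f"len {length:2d}, {label:11s}: {years:.3g} years")
```

Re-run the calibration on the hardware that will verify logins, since the iteration count that costs 0.3 s differs from machine to machine.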