Password Strength
@atoponce there are no sane parameters for password hashing that provide anything like the security levels expected in modern cryptography.
This! Oh so much this!
If the attacker gets the password hashes you have lost a substantial amount of security, and no number of rounds (or even memory hardness) is going to make up for it. Using a memory hard slow hash function with a good number of rounds is still best practice, but it cannot be the lynchpin of your security.
@atoponce my favorite thought experiment on this is the following. Looking first at Google's login infrastructure: there are 2^33 people in the world, and a reasonable requirement would be for all of them to be able to log in to your system in a single day. That means the system has enough computing power to brute force a 33-bit password in a single day, no matter what parameters you choose (as a very much lower bound, since this assumes that the login is only computing hashes and none of that actual serving stuff).
Now your system might not literally be Google's login servers, but chances are that you don't want to have a system the size of Google's login servers to serve only a handful of people either (plus, while brute forcing is lazily parallel, the whole point of a slow hash function is to not be parallelizable, so those handful of people that you're serving with your several data centers' worth of compute power will likely have to wait hours to actually log into their system).
This means that as an absolute lower bound, you should assume 33-bit passwords can always be broken in a day, independent of the hash function you use. (And likely much, much less time.)
Their #security #DataBreach started this conversation and it is time to dispel a critical misunderstanding in password security within #infosec. Human passwords are biased. That makes them weaker than any mathematical strength formula can predict.
Just like cryptography, biases are used against you online and offline.
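The thought experiment quoted above can be worked through numerically. The following is an added example, not part of the original posts: it sizes a login fleet for a given daily login count and hash cost, then shows that the same fleet exhausts a password space of log2(logins per day) bits in one day whatever the hash cost is. The hash costs, the site sizes other than 2^33, and the one-core-per-hash model are assumptions made for illustration.

```python
import math

SECONDS_PER_DAY = 86_400

def fleet_cores(logins_per_day, hash_seconds):
    """Cores needed to compute one password hash per login, spread evenly
    over a day (assumption: one core computes one hash at a time)."""
    return logins_per_day * hash_seconds / SECONDS_PER_DAY

def crack_days(password_bits, cores, hash_seconds):
    """Days for `cores` to hash every candidate in a 2**bits password space."""
    guesses_per_day = cores * SECONDS_PER_DAY / hash_seconds
    return 2 ** password_bits / guesses_per_day

def bits_per_day(cores, hash_seconds):
    """Size (in bits) of the password space `cores` can exhaust in one day."""
    return math.log2(cores * SECONDS_PER_DAY / hash_seconds)

def sizing_table(logins_per_day, hash_costs, password_bits):
    """One row per hash cost: (cost, cores needed, days to exhaust the space)."""
    rows = []
    for cost in hash_costs:
        cores = fleet_cores(logins_per_day, cost)
        rows.append((cost, cores, crack_days(password_bits, cores, cost)))
    return rows

if __name__ == "__main__":
    # Hash costs in seconds per hash; constructed values, not measurements.
    costs = [0.001, 0.1, 1.0, 10.0]

    print("Fleet sized for 2^33 logins/day, attacking a 33-bit password:")
    for cost, cores, days in sizing_table(2 ** 33, costs, 33):
        # The hash cost cancels out: a slower hash needs a bigger fleet,
        # and that bigger fleet guesses exactly as fast as before.
        print(f"  {cost:>6} s/hash  {cores:>12,.0f} cores  {days:.2f} days")

    print("Password bits a right-sized fleet exhausts per day (1 s/hash):")
    for logins in (1_000, 1_000_000, 2 ** 33):  # constructed site sizes
        cores = fleet_cores(logins, 1.0)
        print(f"  {logins:>13,} logins/day -> {bits_per_day(cores, 1.0):.1f} bits")
```

Raising the hash cost only raises the hardware bill for both sides by the same factor, so the number of bits a login-sized fleet can exhaust in a day depends only on how many logins it was built to serve.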