Don’t people add “salt” to prevent easy code breaking with rainbow tables?
Payton Lee
11

Yes, but bot nets can still brute force at a rate of billions of passwords per second, which is why we have variable work time algorithms, but people can build dedicated GPU-based supercomputing clusters for a few thousand dollars (or rent them by the minute online) to reduce work times…

But still, the biggest threat is something hashes and salts can’t impact at all: there are more than a billion already-cracked credentials the attacker can try.

Face it: passwords are obsolete. Time to move on.

Like what you read? Give Eric Elliott a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.