Comments (235)
BaldyGull 2 points ago +2 / -0

You can figure it out, but it takes some time. Always use good passwords, and it will go a long way. Also, for every breach you hear about, there are plenty more you don't.

SordidPontification 2 points ago +2 / -0

A 16 character password randomly consisting of upper and lower case letters and numbers only using bcrypt with a cost factor of 10 would take ~6.046727765959351e+18 years to crack on a single Nvidia 2080Ti.

The Gab passwords are hashed using bcrypt. I don't know what their cost factor was configured as.

BaldyGull 2 points ago +2 / -0

Yep. As the other guy said, rainbow tables will probably snag a decent percent of real world passwords. The good passwords are safe, but Darth Helmet's luggage code will be easy pickings. And the people using bad passwords tend to reuse them.

SordidPontification 1 point ago +1 / -0

They won't.

Rainbow tables are completely ineffective once you introduce a salt of sufficient length to the password because you've now made the storage requirements exponential.

Since bcrypt uses a salt of 22 characters encoded as base64, this gives you a possibility of:

5444517870735015415413993718908291383296

combinations just for the salt alone. You're not going to be storing rainbow tables for that many salts much less the 31 character password+salt hash that follows.

Read this response on SO for an explanation why.

Rainbow tables are only effective for something like MD5 without salting.

Read this on rainbow table defenses and on bcrypt specifically.
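
An added Python example (not from the thread) of the point made above: a precomputed table recovers unsalted MD5 hashes by lookup, but a per-user salt makes a table built for one salt useless for every other, and bcrypt has 64**22 possible salts. PBKDF2-HMAC from the standard library stands in for bcrypt here, and the candidate list and salts are constructed.

```python
import hashlib
import secrets

# Constructed candidate list (a toy stand-in for a real wordlist); "12345" is
# the luggage combination the thread jokes about.
CANDIDATES = ["12345", "password", "letmein", "qwerty", "hunter2"]


def md5_hex(password):
    """Unsalted MD5, the kind of hash a rainbow table is built against."""
    return hashlib.md5(password.encode()).hexdigest()


def build_unsalted_table(candidates):
    """Precompute digest -> password once; every leaked unsalted MD5 is then a dict lookup."""
    return {md5_hex(p): p for p in candidates}


def salt_space(salt_chars=22, alphabet_size=64):
    """Distinct salts bcrypt can embed: a 22-character salt over a 64-symbol alphabet."""
    return alphabet_size ** salt_chars


def hash_with_salt(password, salt=None, iterations=100_000):
    """Salted, deliberately slow hash stored as iterations$salt$digest.

    PBKDF2-HMAC-SHA256 (standard library) stands in for bcrypt here; 'iterations'
    plays the role of bcrypt's cost factor, and the salt travels with the digest
    just as bcrypt embeds its own 22-character salt in the hash string.
    """
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify(password, stored):
    """Recompute with the stored salt and cost; constant-time compare of the result."""
    iterations, salt_hex, _ = stored.split("$")
    recomputed = hash_with_salt(password, bytes.fromhex(salt_hex), int(iterations))
    return secrets.compare_digest(recomputed, stored)


def build_salted_table(candidates, salt, iterations):
    """Precomputation is still possible for ONE salt; the table is useless for any other,
    so a per-user salt turns one table into one table per user (64**22 possible salts)."""
    return {hash_with_salt(p, salt, iterations): p for p in candidates}
```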

BaldyGull 1 point ago +1 / -0

Cool. Thanks for the info. I have a cyber security cert, but salting was only covered briefly in the course and not mentioned in the test.

deleted 2 points ago +2 / -0