Comment Re: There we go again (Score 1) 383
Hey Desler, I really don't get you. You (appear to) know what a salt is, yet you don't understand that an attacker would be performing the attack on the hash offline, with their own hardware. Rate limiting their own hardware would be, as you put it, the height of idiocy.
Except what you are talking about was not what I was originally responding to. You basically injected yourself into the conversation and completely changed the context and then started calling me an idiot. I suggest you re-read what I originally responded to:
They can be, but it would be incredibly stupid to use something like that. A dictionary attack would crack that password in seconds.
What I do is have a single, strong password that I have stored only in my brain and all other passwords are hashed on-the-fly from that and the domain or name of whatever I need the password for. I get a unique, strong password for everything, but only have to remember a single one.
Do you notice that nowhere in that quoted statement is there anything about the attacker already having the password hash?
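Added example, not part of the comment thread or any poster's code: a sketch of the quoted "hash a master password with the domain" scheme, using a deliberately slow key-derivation step because anyone who learns one derived password can test master-password guesses offline, where no rate limit applies. The hash choice (PBKDF2-HMAC-SHA256), iteration count, alphabet and length are assumptions; the thread specifies none of them.

```python
import hashlib
import hmac

# Assumed parameters: the comment names no hash, alphabet, length or work factor.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!#$%&*+-=?@_")
LENGTH = 20
ITERATIONS = 600_000


def site_key(master: str, domain: str) -> bytes:
    """Stretch the master password with PBKDF2, using the domain as the salt."""
    salt = domain.strip().lower().encode("utf-8")
    if not master or not salt:
        raise ValueError("master password and domain must be non-empty")
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS)


def derive_password(master: str, domain: str, length: int = LENGTH) -> str:
    """Deterministically map (master, domain) to a password over ALPHABET."""
    key = site_key(master, domain)
    # Rejection sampling: discard bytes that would bias the modulo reduction.
    limit = 256 - (256 % len(ALPHABET))
    chars, counter = [], 0
    while len(chars) < length:
        # HMAC in counter mode expands the stretched key into more bytes.
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
        for byte in block:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    for site in ("example.com", "example.org"):
        print(site, derive_password("constructed master passphrase", site))
```

The work factor only raises the cost per guess; a master password that appears in a dictionary is still recoverable from a single leaked site password.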