• Primarily0617@kbin.social
    link
    fedilink
    arrow-up
    41
    arrow-down
    1
    ·
    edit-2
    1 year ago

    you have to limit it somewhere or you’re opening yourself up for a DoS attack

    password hashing algorithms are literally designed to be resource intensive

      • Primarily0617@kbin.social
        link
        fedilink
        arrow-up
        9
        ·
        edit-2
        1 year ago

        Incorrect.

        They’re designed to be resource intensive to calculate to make them harder to brute force, and impossible to reverse.

        Some literally have a parameter which acts as a sliding scale for how difficult they are to calculate, so that you can increase security as hardware power advances.

        • confusedbytheBasics@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I was incorrect but I still disagree with you. The hashing function is not designed to be resource intensive but to have a controlled cost. Key stretching by adding rounds repeats the controlled cost to make computing the final hash more expensive but the message length passed to the function isn’t really an issue. After the first round it doesn’t matter if the message length was 10, 128, or 1024 bytes because each round after is only getting exactly the number of bytes the one way hash outputs.

            • confusedbytheBasics@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I’m a bit behind on password specific hashing techniques. Thanks for the education.

              My background more in general purpose one way hashing functions where we want to be able to calculate hashes quickly, without collisions, and using a consistent amount of resources.

              If the goal is to be resource intensive why don’t modern hashing functions designed to use more resources? What’s the technical problem keeping Argon2 from being designed to eat even more cycles?