How do hackers keep checking different passwords against the leaked hash-key without getting shut out after x attempts?

351 viewsOtherTechnology

If they don’t know the function generating the hash-key, what do they test it against? I assume every website uses a unique function for converting passwords into keys.

In: Technology

8 Answers

Anonymous 0 Comments

They do know the hash function, there are only a few standard password hash functions and the hash itself generally specifies which hash function was used to create it. Creating a custom hash function and then keeping it a secret is generally not practical or useful. It’s hard to test the security of a hash function, the standard ones in use are considered secure because they’ve been around a while and nobody has figured out how to break them yet. Your custom hash function built by your barely cryptography literate engineers would probably be deeply flawed, and the entire premise is an anti-pattern called “security through obscurity.”

You are viewing 1 out of 8 answers, click here to view all answers.