If the hash-key is leaked, then they have a copy of the user database on hand. Their own computers would not put a limit on how many attempts they can make. They just keep testing until they get a successful crack, then they can log in to the real web site once and just be successful on the first try since they now know the password.
How to generate a good hash is a complex thing, so it’s actually quite common to use pre-written programs to do it, which means the hashes follow a known pattern and are very recognizable, especially since many of them are designed to be upgraded over time, so there is information specifying which hash algorithm is used to allow said upgrades. Some web sites might choose a favourite from the list, but incredibly few are using something totally unique and unknown.
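The point above about stored hashes carrying a marker for their algorithm, as an added example that is not part of the original answer: it reads the scheme and cost settings from a stored string and flags records a site would re-hash at the next login. The answer names no formats, so the `$id$` prefixes (the common crypt-style and Argon2 string layouts), the policy constants and the sample records are assumptions constructed for illustration.

```python
import re

# Identifier -> scheme for self-describing hash strings ("$id$..." layout).
# The answer names no scheme; this table is an assumption for illustration.
SCHEMES = {
    "1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "argon2i": "argon2", "argon2id": "argon2",
}
ACCEPTED = {"argon2", "bcrypt"}   # hypothetical site policy
MIN_BCRYPT_COST = 12              # hypothetical site policy

def identify(stored):
    """Return (scheme, params) read from the stored string, or (None, {})."""
    m = re.match(r"^\$([a-z0-9-]+)\$(.*)$", stored)
    if not m or m.group(1) not in SCHEMES:
        return None, {}               # no recognizable marker
    scheme, rest = SCHEMES[m.group(1)], m.group(2)
    params = {}
    if scheme == "bcrypt":
        cost = rest.split("$", 1)[0]  # "$2b$<cost>$..."
        if cost.isdigit():
            params["cost"] = int(cost)
    elif scheme == "argon2":
        # "$argon2id$v=19$m=65536,t=3,p=4$<salt>$<hash>"
        for field in rest.split("$")[:2]:
            for pair in field.split(","):
                key, _, value = pair.partition("=")
                if value.isdigit():
                    params[key] = int(value)
    return scheme, params

def needs_upgrade(stored):
    """True when the record should be re-hashed at the user's next login."""
    scheme, params = identify(stored)
    if scheme not in ACCEPTED:        # unknown or outdated scheme
        return True
    return scheme == "bcrypt" and params.get("cost", 0) < MIN_BCRYPT_COST

# Constructed sample records (placeholder salts and digests, not real hashes).
SAMPLES = ["$2b$10$" + "x" * 53, "$6$rounds=5000$salt$digest", "0" * 32,
           "$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA"]

if __name__ == "__main__":
    for record in SAMPLES:
        print(identify(record), needs_upgrade(record))
```

The same prefix that lets the site upgrade old records also tells anyone holding a leaked copy which algorithm and cost were used, so the protection has to come from the hash's work factor and not from the format being unknown.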