Quote:
Originally Posted by Deniska
GL with your project. Today any popular hash algorythm ( md5, sha1 etc ) can be bruteforced really easy. The only way to keep your password safe ( even if your passhash was stolen from web-service DB, for example ) - combination of lower+upper case alphas, numerics and special characters(if they are allowed by service) with string length more then 10 chars (password length is MORE important than characters variations).
For example, using utility writen with nCUDA on nVIDIA GeForce 9600GT you can brute md5 hash with speed ~200 000 000 combinations/sec. On high-end graphic cards ( or if they are in SLI ) speed is higher than 400-500mln combinations/sec (:
EDIT: And another way - using so called 'salt', so thief must steal not only your passhash, but salt 'key' too.
|
You'll be happy to know that both our TC and Forum databases use a number of hash combinations on top of salt.