🇨🅾️🇰🅰️N🇪Table Flip Time 🙃
hthAnytime you see a password length cap you know they are not following current security standards. If they aren’t following them for something so simple and visible, you’d better believe it’s a rat infested pile of hot garbage under the hood.
you have to limit it somewhere or you're opening yourself up for a DoS attack
Half right. Designed to be resource intensive to reverse not to calculate. The goal is minimum resources to turn input into a hash and maximum resources to get from hash back to input.
Hashes are one way functions. You can’t get from hash back to input
Only if the hash function is designed well
True. I was all kinds of incorrect in my hasty typing. I’ll update it to be less wrong.
Incorrect.
They're designed to be resource intensive to calculate to make them harder to brute force, and impossible to reverse.
I was incorrect but I still disagree with you. The hashing function is not designed to be resource intensive but to have a controlled cost. Key stretching by adding rounds repeats the controlled cost to make computing the final hash more expensive but the message length passed to the function isn’t really an issue. After the first round it doesn’t matter if the message length was 10, 128, or 1024 bytes because each round after is only getting exactly the number of bytes the one way hash outputs.
It depends on the hash. E.g., OWASP only recommends 2 iterations of Argon2id as a minimum.
Yes, a hashing function is designed to be resource intensive, since that's what makes it hard to brute force. No, a hashing function isn't designed to be infinitely expensive, because that would be insane. Yes, it's still a bad thing to provide somebody with a force multiplier like that if they want to run a denial-of-service.
I’m a bit behind on password specific hashing techniques. Thanks for the education.
My background more in general purpose one way hashing functions where we want to be able to calculate hashes quickly, without collisions, and using a consistent amount of resources.
If the goal is to be resource intensive why don’t modern hashing functions designed to use more resources? What’s the technical problem keeping Argon2 from being designed to eat even more cycles?
Argon2 has parameters that allow you to specify the execution time, the memory required, and the degree of parallelism.
But that gives you diminishing returns, and if you specify them such that it's too resource intensive, then that's opening yourself up to a denial-of-service attack, because all somebody has to do to eat all your resources is hash a bunch of passwords.
See “Password Hashing” here: en.m.wikipedia.org/wiki/Key_derivation_function
It is actually important to have a controlled cost to calculate in the forward direction too.
Totally true. I stand corrected. Thank you.