This is really good for encrypted content such as a hard drive, password vault or GPG key.

  • kevincox
    6 months ago

    Yeah, that is what I meant by “strength of the hash”. Probably should have been more clear. Basically the amount of resources it takes to calculate the hash will have to be spent by the attacker for each guess they make. So if it takes 1s and 100MiB of RAM to decrypt your disk it will take the attacker roughly 1s and 100MiB of RAM for each guess. (Of course CPUs will get faster and RAM will get cheaper, but you can make conservative estimates for how long you need your password to be secure.)

    • Possibly linux@lemmy.zip (OP)
      6 months ago

      Keep in mind they will be using GPUs with lots of RAM and cores so that 1s will be more like hundreds or thousands a second.

      • kevincox
        6 months ago

        It depends a lot on the hash functions. Lots of hashes are believed to be difficult to parallelize on GPUs, and memory-hard hash functions have different scaling properties. But even then you need to assume that an adversary has lots of computing power and a decent amount of time. These can all be estimated, then you give yourself a wide margin.
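
The estimate discussed in this thread, worked through as an added example that is not part of any of the posts above: it times one memory-hard derivation (scrypt from Python's `hashlib`) and turns a per-guess cost into the passphrase entropy needed to outlast an assumed attacker. The attacker memory, speedup, hardware doubling period and 10-bit margin are assumptions chosen for illustration, and the attacker model (parallel guesses limited by memory) is a simplification.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
MIB = 1024 * 1024

def scrypt_memory_bytes(n: int, r: int) -> int:
    """Approximate scrypt working set: 128 * N * r bytes per evaluation."""
    return 128 * n * r

def measure_guess(password: bytes, salt: bytes, n: int, r: int, p: int = 1) -> float:
    """Time one scrypt evaluation here; an attacker pays a comparable cost per guess."""
    start = time.perf_counter()
    hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                   maxmem=2 * scrypt_memory_bytes(n, r) + MIB, dklen=32)
    return time.perf_counter() - start

def guess_budget(guess_seconds: float, mem_per_guess: int, attacker_mem: int,
                 speedup: float, years: float, doubling_years: float) -> float:
    """Total guesses over `years`, assuming memory-bound parallelism and
    attacker throughput that doubles every `doubling_years` (assumed model)."""
    parallel = max(1, attacker_mem // mem_per_guess)   # one lane per working set
    rate_now = parallel * speedup / guess_seconds       # guesses per second today
    # Integral of 2**(t / doubling_years) for t from 0 to `years`, in years.
    growth = doubling_years / math.log(2) * (2 ** (years / doubling_years) - 1)
    return rate_now * growth * SECONDS_PER_YEAR

def required_entropy_bits(budget: float, margin_bits: float = 10.0) -> float:
    """Bits so the budget covers under half the keyspace, plus a safety margin."""
    return math.log2(budget) + 1 + margin_bits

if __name__ == "__main__":
    # Constructed inputs: sample passphrase and salt, small parameters so it runs fast.
    n, r = 2 ** 14, 8
    secs = measure_guess(b"constructed passphrase", b"constructed-salt", n, r)
    print(f"scrypt N={n} r={r}: {secs:.3f}s, "
          f"{scrypt_memory_bytes(n, r) // MIB} MiB per guess")
    # The thread's figures (1 s and 100 MiB per guess) against an assumed attacker:
    # 1 TiB of fast memory, 10x faster per lane, 20-year horizon, 2-year doubling.
    budget = guess_budget(1.0, 100 * MIB, 1024 * 1024 * MIB, 10.0, 20, 2)
    print(f"attacker budget: {budget:.3e} guesses")
    print(f"passphrase needs about {required_entropy_bits(budget):.1f} bits of entropy")
```

Raising the memory per guess lowers the attacker's parallelism in this model, which is the scaling property of memory-hard functions mentioned above; raising the time per guess lowers the rate of every lane.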