
I'm the guy who wrote the accounts management platform for Silent Circle. Rest assured, passwords are stored as PBKDF2 hashes. (I realize bcrypt is popular around here, but when it comes to crypto stuff, standards are a good thing, most of the time...)

edit: s/DK/KD/




How much computing power would it take to brute-force one of those hashes?

We know NSA has gargantuan parallel processing capabilities.


We tune the hash iterations to take a reasonably long amount of time on our modern hardware. That said, a dedicated and well-funded attack on a single hash could certainly crack it in a relatively short period of time (which is why we protect the hashes as if they were cleartext passwords...)
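
Added example, not part of the thread and not Silent Circle's code: one way to tune PBKDF2 iterations to a target time on the hashing host, as the comment above describes, and to store the count with each hash so it can be raised later. The record format, function names, 16-byte salt and SHA-256 choice are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time


def calibrate_iterations(target_seconds=0.1, probe_iterations=20_000,
                         hash_name="sha256"):
    """Estimate the iteration count that costs about target_seconds here."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(hash_name, b"calibration-only", salt, probe_iterations)
    per_iteration = (time.perf_counter() - start) / probe_iterations
    # Assumed policy: never return fewer iterations than the probe itself used.
    return max(probe_iterations, int(target_seconds / per_iteration))


def hash_password(password, iterations, hash_name="sha256"):
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode(), salt, iterations)
    return f"pbkdf2_{hash_name}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record, current_iterations):
    """Return (ok, needs_rehash); needs_rehash flags records below today's cost."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    hash_name = scheme.split("_", 1)[1]
    iterations = int(iterations)
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode(),
                             bytes.fromhex(salt_hex), iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    return ok, ok and iterations < current_iterations


if __name__ == "__main__":
    tuned = calibrate_iterations(target_seconds=0.1)
    record = hash_password("constructed sample password", tuned)
    print("iterations for ~100 ms on this host:", tuned)
    print("verify:", verify_password("constructed sample password", record, tuned))
```

Because the iteration count travels with each record, a successful login whose record is below the current count can be re-hashed at the new cost without a password reset.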


I think it's far more likely they'd find a way to break the hash function and not tell anyone about it.



