Re: [Firebird-devel] HASH function (CORE-4436)

2017-07-22 Thread Mark Rotteveel
On 21-7-2017 21:55, Leyne, Sean wrote: I think the point is, if a cracker has a security database, it can run billions of SHA1 hashes per second using the same salt in a brute force attack, because SHA1 is a fast (suitable to hash large files) algorithm. With bcrypt, which is purposely slow,

Re: [Firebird-devel] HASH function (CORE-4436)

2017-07-22 Thread Mark Rotteveel
On 21-7-2017 13:00, Alex via Firebird-devel wrote: Yes, but SHA1 weakness becomes important only when password becomes as long as hash, i.e. 20 bytes for sha1. Without enforcing users to have long passwords replacing hash makes no sense. That is unfortunately not true. The weakness that