Given that passwords have less entropy than the preimage attack on
MD2, wouldn't MD2 and RC4 be ideal?

The memory swap operation cannot be unrolled, so state actors would
find it more difficult to crack passwords hashed with Scrypt using MD2
and RC4.

Reply via email to