On 09/16/16 11:13, Ryan Carboni wrote:
> Given that passwords have less entropy than the preimage attack on
> MD2, wouldn't MD2 and RC4 be ideal?
> The memory swap operation cannot be unrolled, so state actors would
> find it more difficult to crack passwords hashed with Scrypt using MD2
> and RC4.
No. When cracking passwords you never go backwards; you just take a set
of candidate passwords and run them forwards through your KDF.
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid