
Doesn't matter what algorithm you are using, your bottleneck is going to be a new HTTP request for every "try". The web server would crap out and you wouldn't have enough network bandwidth to do it very fast anyway. Even if you had a dedicated gigabit connection to the server, you are limited to 3 million network packets per second... which doesn't even mean 3 million tries per second (because you need far more than 1 network packet per try). But let's say you could do 3 million tries per second for the sake of argument. Both the web server and DB server would seize up instantly trying to handle 3 million requests/second.

 

Now let's say a hacker has the actual database somehow.  You have much bigger problems than the hacker spending 24 hours to reverse engineer 1 password... after all, they already have your database... do they really even need to log in to the site anymore?

 

But yeah... either way... 1 HTTP request per attempt (on any hashing algorithm) is more or less going to DDoS the web server and make it not possible to do it that way.

