Quote (ROM @ Sep 5 2017 05:41pm)
It is interesting but more of a discussion of implementation and hashing algorithms.
But no answer to my question. My question is more of a fundamental question, I guess.
If it is random enough it will take millions of years to find out what your password COULD BE through brute forcing. If you use a rainbow table and the customer is using an insecure/weak password it may be feasible, but it still may take a long time and a lot of compute power. If the password is truly random it will be impossible to determine the password because there are a huge number of possible inputs for every hash value. Encryption can be reversed, but hashing cannot.
see:
https://stackoverflow.com/questions/6776050/how-long-to-brute-force-a-salted-sha-512-hash-salt-provided

edit: Also, a lot of hackers will give up when they see encrypted data or sell the encrypted data for a fraction of the normal value.
This post was edited by waraholic on Sep 5 2017 07:12pm