sn0w
Active Coder
But again, what do I know, right?
Come on man I'm really not trying to be rude or to insult you.
If it seemed that way then I'm sorry.
Let's just stick to facts here since this is a public forum and not a private chatroom.
You do realize that there are such things as rainbow tables and lists of already hacked, usually most common, passwords
They do not work when the hashes are salted, and almost every software does that by default these days.
If you happen to find a really badly configured website, then yes you could use rainbow tables or hash-lists for it.
Also, why would you use SHA-1... SHA256/SHA512 are better.
I explicitly wrote that this would be an example of a badly configured website to show a lower bound for the cracking time.
Obviously using actually strong hashes like Argon2 will increase the time.
How is the article "misinformation"?
It wasn't really clear if
are you aware of this beauty right here
was supposed to mean "lol KeePass is bad" or "look at the junk ZDNet wrote".If you meant the latter, I'd agree with you.
If you meant the first: While caching the master PW in RAM is certainly not a cool thing to do, accessing it requires running a program on your PC.
When a bad actor has software running on your PC they - by definition - have access to everything, so it's not really a good argument for discouraging usage of those PW managers.
Last edited: