Quiz Entry - updated: 2026.07.14
What are the standard defenses against offline password attacks (after the hash database leaks)?
Long, high-entropy passwords stored with a slow, salted password-hashing function — ideally Argon2 (also acceptable: scrypt, bcrypt).
The defender's leverage:
- Length & uniqueness of the password — increases the search space the attacker must traverse. NIST now recommends ≥ 8 characters, ideally passphrases; password managers solve the memorability problem.
- Slow hash function — each candidate guess takes 100–500 ms instead of nanoseconds. A billion guesses per second becomes a few per second.
- Salt — a unique random value per password, stored alongside the hash. Defeats rainbow tables and forces the attacker to crack each password individually. Same password + different salt = different hash.
- Pepper (optional) — a server-side secret added to every hash, stored separately from the DB. If only the DB leaks (the usual case), the attacker can't crack without also stealing the pepper.
Recommended algorithms (2024):
| Algorithm | Status | Why |
|---|---|---|
| Argon2id | Preferred (PHC winner, 2015) | Memory-hard — resists GPU/ASIC cracking |
| scrypt | Acceptable | Also memory-hard |
| bcrypt | Acceptable, ageing | Long track record; not memory-hard, less GPU-resistant |
| PBKDF2 | Acceptable for FIPS contexts | Not memory-hard; weakest of the four |
| MD5 / SHA-1 / plain SHA-256 | ❌ Never | Way too fast — billions of guesses per second on a GPU |
Tip: Argon2 + salt is the current best-practice combination. If you see plain SHA-256 in a code review, treat it as a finding.