25Şub
Is a randomly generated 80-bit password strong enough nowadays?
Theoretical question - Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what would be the cost of bruteforcing it, in terms of money and time?
Now what if it's stored with 10 rounds of SHA256? Does that make it 10 times more resistant?
Note that I'm aware of somewhat similar questions, but they are all several years old.
