| ▲ | extraduder_ire 3 hours ago | |
If the hash changes after every character, doesn't that make it possible for someone to determine your password one character at a time if they know what each hash was? I'm guessing that wasn't in the threat model at the time. | ||
| ▲ | qnleigh 2 hours ago | parent [-] | |
Yeah this reduces the time required to crack a password from (# available characters) ^ (password length) to (# available characters) * (password length). If you were patient you could crack someone's passwords by hand. | ||