Re: Encrypted passwords?
Don't struggle, you're considering things correctly. In all probability, it would never be worth it...in all probability, if you did have the resources to crack a hash, the sheer time required alone would make it a waste of resources, because by the time you've cracked the hash, it's probably no longer relevant. It's not really a technical consideration...any one of us here could write a script to systematically bruteforce hashes, it's very possible...easy even...but none of us have the time, resources or inclination to even bother.
Something being possible, doesn't make it feasible, practical, ethical, probable, profitable or even realistic.
All the humans on earth could be packed in to fill the Grand Canyon...it's possible...it's just not feasible, practical or even ethical...there are lots of things preventing this situation actually happening...and what would be the point?
Most password cracking theory exists as thought experiments and maths...that's it...
The only reason you hear people talking about the "possibility" of hashes being cracked etc is because mathematically the odds are greater than 1...but the realms of mathematical possibility are pretty abstract. I mean, how many values are there between 0 and 1? It could be ten, right? 0.1, 0.2, 0.3 etc etc...could be a lot more if you start at 0.01...or 0.000001...could be infinite...could be zero values and the next value is literally 1, it's arbitrary.
I mean with cracking a hash, you could get lucky and find it's value in your first go.
A lot of people know what this hash is:
6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e
This hash would be incredibly cheap to crack and you'd do it at virtually zero cost.
Even if something is 1 in 18 gazillion...it's possible...it's just not likely.
That said, rainbow tables do exist for cracking password hashes (unsalted ones). So unsalted hashes are probably quite trivial to crack if they are below a certain length and complexity.
Biting the hand that feeds IT
