On 09/16/16 11:13, Ryan Carboni wrote: > Given that passwords have less entropy than the preimage attack on > MD2, wouldn't MD2 and RC4 be ideal? > > The memory swap operation cannot be unrolled, so state actors would > find it more difficult to crack passwords hashed with Scrypt using MD2 > and RC4.
No. When cracking passwords you never go backwards; you just take a set of candidate passwords and run them forwards through your KDF. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
