0

For example, a password hash is: edgjcgo4866864rfhobd38790g764hkp

Does having the hash of the password make it easier for the attacker to crack the password than not having the hash?

If yes, why does having the hash make it easier to crack the password than not having the hash?

programmer777
  • 1
  • 1
  • If you don't have the hash, then what are you cracking? What you have asked is like asking, "is it easier to crack a nut when you have a nut, or when you don't?" – schroeder Jul 26 '22 at 08:40
  • Consider that someone does not have the hash but brute force the password using dictionary or random guess. So if attacker does not have the hash the attacker can still try cracking the password – programmer777 Jul 26 '22 at 08:52
  • But what are you brute forcing if you don't have the hash? – schroeder Jul 26 '22 at 08:59
  • Example brute forcing login system. The attacker doesn't have the hash but the attacker tries many guesses until he logs in successfully – programmer777 Jul 26 '22 at 09:23
  • Ok, you are talking about the difference between offline and online bruteforcing, And online bruteforcing can be stopped with a ton of other controls, like rate-limiting. So, yes, offline bruteforcing is easier because you are in full control. – schroeder Jul 26 '22 at 09:47

0 Answers0