
The Usability of Passwords - joshwa
http://www.baekdal.com/tips/password-security-usability
======
16s
Off-line attacks (when the password database has been dumped) are much faster
than on-line attacks (depending on how the passwords are stored). For example,
unsalted, non-iterated md5 hashed passwords can be tested at a rate of 600
million guesses a second on a modern video card with the right software.

~~~
bluesmoon
Off-line attacks typically target the entire password file rather than a
single password in the file. It goes without saying that only hashes should be
stored in the file. Simple hashes are still susceptible to rainbow table
attacks, so one should use a different random salt for each password.
Algorithms like MD5 and SHA1 are also kind of weak with today's computing
power, so something like SHA256 should be used. A hash that requires repeated
application of the algorithm is also useful since it requires more CPU power
to generate.
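The scheme described in the comment above (per-password random salt, SHA-256, repeated application of the hash) next to the unsalted single-pass MD5 from the earlier comment, as an added example that is not from the thread or the linked article. The storage format, the iteration count and the function names are assumptions for illustration only.

```python
import hashlib
import hmac
import os
from typing import Optional

# Unsalted, single-pass MD5: two users with the same password get the
# same hash, and one precomputed table cracks all of them at once.
def md5_unsalted(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Iterated SHA-256 (PBKDF2-HMAC) with a fresh random salt per password.
# ITERATIONS is an illustrative value, not a recommendation from the thread;
# it is the knob that makes each guess cost more CPU for an attacker.
ITERATIONS = 200_000

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    if salt is None:
        salt = os.urandom(16)  # different random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    # Keep scheme, iteration count and salt next to the digest so the
    # work factor can be raised later without losing old records.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so a mismatch does not leak its position.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    pw = "correct horse battery staple"
    print("unsalted md5 equal:", md5_unsalted(pw) == md5_unsalted(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted records equal:", a == b)
    print("verify ok:", verify_password(pw, a), verify_password("guess", a))
```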

------
pwg
You can also try Password Gorilla ( <https://github.com/zdia/gorilla/wiki> )
to create, store, manage, and make use of all your passwords.

------
swGooF
Nice writeup. I used to call passwords with multiple words a "pass-phrase."

