Yeah but with hashcat supporting cracking with multiple GPUs, even bcrypts can be cracked quickly now. There are also a ton of cloud cracking services like GPUHash.me and entire cracking forums where ppl crowdsource and help out like HashKiller.
You can try that, but it's really difficult to tune so it's useful. The amount of time the server has to waste computing hashes is too close to the amount of time an attacker has to waste to break at least some of them.
It's just not hard enough to guess a potentially valid phone number. With passwords, hashing only helps because the probability of a valid password is _very_ low, and because you don't need to look up a password, only check if it's the right one for joeblow (so you can salt them individually).
m4jor|3 years ago
kadoban|3 years ago
It's just not hard enough to guess a potentially valid phone number. With passwords, hashing only helps because the probability of a valid password is _very_ low, and because you don't need to look up a password, only check if it's the right one for joeblow (so you can salt them individually).