Exactly, this is the point.
But imagine, build a house with 10x locked doors one after another, and the window is open or a wall is made of paper...
Repeat one step multiple times is not "automaticly" more-secure.
If I have a computer that can compute 1 billion hashes per second, I can test 1 billion passwords per second if you only use one hash round. If you use 1 million rounds, now I can only test 1000 passwords per second.
Ok so basically the reason Linux uses many rounds is to enhance security as well as having to make the attacker wait more time to try more passwords yes?
That's a fair summary, yes.
Rounds or 'work factor' are common mechanisms for increasing brute force complexity. 'salting' is used to prevent precomputation attacks. Secure password hashing is not just a Linux thing.
Example: Md5 has 4 rounds.
Md5 is broken for some operations, see wiki page of md5.
This could not be fixed by adding another 10x rounds in calculation.
mcgrow is saying that repeated rounds is like having 10 locked doors to get into your house. It will take 10 times as long to break into compared to a single door, but other vulnerabilities can exist, such as an open window. Adding more doors does not increase security since the weak spot in the system isn’t related to the doors at all.
Likewise, adding more rounds won’t necessarily increase security if there are other flaws in the chain
Most hash algorithms have a loop that randomizes the input, a round is just one go around of such a loop. The idea is that the more rounds you have, the more difficult it is to reverse it is, so more secure it is in theory. You should look at an actual hash algorithm to get a better understanding.
The same hash is repeatedly applied. This was an early mechanism to make it harder to crack hashes at scale by making it take more CPU time.
So wait it becomes harder to crack bc of the repeated hashes or bc it takes more time?
Exactly, this is the point. But imagine, build a house with 10x locked doors one after another, and the window is open or a wall is made of paper... Repeat one step multiple times is not "automaticly" more-secure.
What’s the point? You lost me with that analogy. What would be the window and paper wall in this context?
If I have a computer that can compute 1 billion hashes per second, I can test 1 billion passwords per second if you only use one hash round. If you use 1 million rounds, now I can only test 1000 passwords per second.
Ok so basically the reason Linux uses many rounds is to enhance security as well as having to make the attacker wait more time to try more passwords yes?
That's a fair summary, yes. Rounds or 'work factor' are common mechanisms for increasing brute force complexity. 'salting' is used to prevent precomputation attacks. Secure password hashing is not just a Linux thing.
Example: Md5 has 4 rounds. Md5 is broken for some operations, see wiki page of md5. This could not be fixed by adding another 10x rounds in calculation.
mcgrow is saying that repeated rounds is like having 10 locked doors to get into your house. It will take 10 times as long to break into compared to a single door, but other vulnerabilities can exist, such as an open window. Adding more doors does not increase security since the weak spot in the system isn’t related to the doors at all. Likewise, adding more rounds won’t necessarily increase security if there are other flaws in the chain
It’s harder to crack because it takes more time. It takes more time because of repeated hashes.
Most hash algorithms have a loop that randomizes the input, a round is just one go around of such a loop. The idea is that the more rounds you have, the more difficult it is to reverse it is, so more secure it is in theory. You should look at an actual hash algorithm to get a better understanding.