[Cryptography] Passwords (Smallest feasible work factor today?)

John Levine johnl at iecc.com
Mon Sep 12 16:40:26 EDT 2022


It appears that Bill Frantz <frantz at pwpconsult.com> said:
>> On Sep 8, 2022, at 01:36:24, Jon Callas <jon at callas.org> wrote:
>> 
>> Now, if the attacker wants *your* password, they're not going to do a billion (30 bits) of tries. ...
>
>The snarky thought came to me that even online password tries can be parallelized. There is no reason to single thread them. Of course the
>result will be a distributed denial of service attack on the logon process. :-)
>
>Also, the server could notice that a single account was getting a lot of bad password tries and freeze it. 

That is quite common, with the counterattack being to keep trying the
same password and rotate through all the account names.
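
The lockout counter and the rotate-through-accounts counterattack described above, shown from the detection side. This is an added example, not part of the original message: the thresholds, the window, and the event tuples are assumptions constructed for illustration. A per-account failure counter freezes the hammered account but never fires for the rotation, while counting distinct accounts failing from one source does.

```python
from collections import defaultdict, deque

LOCKOUT_THRESHOLD = 5   # assumed: failures on one account before it is frozen
SPRAY_THRESHOLD = 4     # assumed: distinct accounts failing from one source
WINDOW_SECONDS = 600    # assumed sliding window for both counters

# Constructed sample events: (epoch seconds, source address, account, success)
EVENTS = (
    # one source hammering a single account
    [(1000 + 5 * i, "198.51.100.7", "alice", False) for i in range(6)]
    # one source trying once per account, rotating through names
    + [(2000 + 20 * i, "203.0.113.9", name, False)
       for i, name in enumerate(["bob", "carol", "dave", "erin", "frank"])]
    # ordinary user who mistypes once and then logs in
    + [(2500, "192.0.2.10", "grace", False), (2510, "192.0.2.10", "grace", True)]
)


def analyze(events, lockout=LOCKOUT_THRESHOLD, spray=SPRAY_THRESHOLD,
            window=WINDOW_SECONDS):
    """Return (accounts that hit the lockout, sources flagged for rotation)."""
    per_account = defaultdict(deque)  # account -> failure timestamps
    per_source = defaultdict(deque)   # source  -> (timestamp, account) failures
    locked, spray_sources = set(), set()

    for ts, source, account, ok in sorted(events):
        if ok:
            continue
        # Classic lockout: count recent failures against this one account.
        fails = per_account[account]
        fails.append(ts)
        while fails and fails[0] <= ts - window:
            fails.popleft()
        if len(fails) >= lockout:
            locked.add(account)
        # Rotation check: count distinct accounts this source has failed on.
        seen = per_source[source]
        seen.append((ts, account))
        while seen and seen[0][0] <= ts - window:
            seen.popleft()
        if len({name for _, name in seen}) >= spray:
            spray_sources.add(source)
    return locked, spray_sources


if __name__ == "__main__":
    print(analyze(EVENTS))
```

The per-source counter only covers attempts arriving from one address; attempts spread over many sources need a counter keyed on something other than the source.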


