I did a quick search and noticed that by default PBKDF2 is not used... Check this out: https://security.stackexchange.com/questions/84482/do-gpg-and-openssh-use-ke... Seems worth it, but hardware solutions still seem preferable and have anti-hammering.

On Tue, Jun 25, 2019, 7:43 PM Ralf Mardorf via arch-general <arch-general@archlinux.org> wrote:
On Wed, 26 Jun 2019 10:41:03 +1000, asymptosis via arch-general wrote:
In practice, I believe any decent password cracker would start with a dictionary of the most common word
There are some common human patterns. In music, for example, it's unusual to play a b c d; it's more common to play patterns such as a c b d. So instead of using a word, even a stupid human would more likely e.g. turn syllables by a pattern. Such a pattern isn't hard to crack, but it is a starting point for contemplation.