
The thought experiment is bad for the same reason, which you appear to agree with. The hashes are not secrets, it's just that passwords are pretty bad secrets. If I gave you an RSA modulus in which you know one factor is chosen from a range of a few trillion primes, the public key could be broken if public. The fact that typical user-chosen passwords are iffy secrets doesn't make the hashes secrets as well.

> The choice to use password hashing is in effect an admission that they'll still be secrets. We are only using a specialist password hash

No, as you say yourself, we'd still hash if the passwords were random strings. Which turns them into non-secrets. The specialized hashing is an admission that many passwords are guessable. It sort of sounds like you want to forklift your own terminology into this using the fact that user-selected passwords can be guessed.
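The RSA thought experiment in this comment (a modulus whose factors come from a small range) maps onto a concrete key-validation check. The following is an added example, not code from either commenter or from any CA: it builds a deliberately weak modulus of the "11 x n" kind alongside a properly formed one, and runs a CA-style acceptance check (`check_rsa_modulus`, a name assumed here) that rejects the weak key by trial division. Real CA key checks do more than this; the size bound and the trial-division limit of 2000 are assumptions for the demonstration.

```python
import math
import random

# Seeded so the demonstration is reproducible; a real key generator must use a CSPRNG.
RNG = random.Random(2024)

# Primes below 2000: used to trial-divide a candidate modulus and as a pre-filter in the primality test.
SMALL_PRIMES = [p for p in range(2, 2000) if all(p % q for q in range(2, int(p ** 0.5) + 1))]


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test (adequate for a demonstration, not for production key generation)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = RNG.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random prime with its top two bits set, so a product of two such primes has exactly 2*bits bits."""
    while True:
        candidate = rng.getrandbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def check_rsa_modulus(n, min_bits=2048):
    """Return the reasons a CA-style check would reject modulus n (empty list means acceptable)."""
    problems = []
    if n.bit_length() < min_bits:
        problems.append(f"modulus has {n.bit_length()} bits, fewer than {min_bits}")
    # Trial division: a small factor hands anyone the full factorization, i.e. the private key.
    for p in SMALL_PRIMES:
        if n % p == 0:
            problems.append(f"divisible by small prime {p}")
    if math.isqrt(n) ** 2 == n:
        problems.append("modulus is a perfect square (p == q)")
    return problems


# Constructed moduli: the weak one is the "11 x n" key from the comment, the good one is p*q
# with two independent 1024-bit primes.
WEAK_N = 11 * random_prime(2045, RNG)
GOOD_N = random_prime(1024, RNG) * random_prime(1024, RNG)

if __name__ == "__main__":
    for label, n in (("weak", WEAK_N), ("good", GOOD_N)):
        print(label, check_rsa_modulus(n) or "acceptable")
```

The point the check makes is the one the comment makes: `WEAK_N` is as public as any other modulus, but because one factor was drawn from a tiny set, publishing it is equivalent to publishing the private key, and an issuer that looks for small factors sees that immediately.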



> If I gave you an RSA modulus in which you know one factor is chosen from a range of a few trillion primes, the public key could be broken if public.

And so public CAs are obliged to forbid such practices to the extent they're able to detect them. As a result, on the whole, users who try to use crap moduli get denied.

Go try it: mint yourself an RSA pair such that the public modulus is 11 x n or something easy, and ask Let's Encrypt to issue for that key in a name you own. They'll refuse, explaining that your proposed key is crap. Here's a nickel, kid, go buy yourself a better semi-prime.

In contrast the vast majority of password protected user accounts don't even check Pwned passwords. I can sign up for a lot of stuff literally using Sup3rman as my password.

> The fact that typical user-chosen passwords are iffy secrets doesn't make the hashes secrets as well.

Yes, in practice it does.

> as you say yourself, we'd still hash if the passwords were random strings. Which turns them into non-secrets.

That works on random strings, but it doesn't work on non-random strings.

No amount of processing can magically make the non-random strings be random and so Argon2id("Sup3rman") is going to need to be treated as a secret or else any fool can just try the most popular passwords and reverse it.
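The two defensive responses to this comment's point are the Pwned-passwords style check it says most sites skip, and treating the stored hash as a secret even after hashing. The following is an added example, not code from either commenter: a signup screen that folds away the cheap variations (case, leet digits, trailing digits) before a blocklist lookup, so `Sup3rman` is rejected, and a storage scheme that wraps a slow salted KDF in an HMAC keyed by a server-side pepper held outside the password database. The blocklist and leet map are constructed stand-ins for a breached-password corpus, and PBKDF2-HMAC-SHA256 stands in for Argon2id only because Argon2 is not in the Python standard library; all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Constructed stand-in for a breached-password list such as Pwned Passwords; a real deployment
# queries the full corpus (e.g. by hash-prefix range) rather than a handful of strings.
COMPROMISED = {"password", "123456", "qwerty", "superman", "letmein", "iloveyou", "batman", "dragon"}

# Cheap substitutions that guessers enumerate first; folded away before the blocklist lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(password):
    """Collapse case, trailing digits/punctuation and leet spellings so 'Sup3rman' and 'superman' coincide."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    folded = folded.rstrip("0123456789!?.")   # strip the "2024!" suffix before leet folding
    return folded.translate(LEET)


def screen_password(password, min_length=12):
    """Return the reasons a signup form should reject this password (empty list means accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if normalize(password) in COMPROMISED:
        problems.append("matches a known-compromised password after normalization")
    return problems


def new_salt():
    """Per-user random salt; stored next to the hash, not secret."""
    return secrets.token_bytes(16)


def hash_password(password, salt, pepper, iterations=200_000):
    """Salted slow KDF, then keyed with a server-side pepper that never sits in the password table.
    PBKDF2-HMAC-SHA256 stands in for Argon2id here (assumption: Argon2 is not in the stdlib)."""
    kdf = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.new(pepper, kdf, "sha256").digest()


def verify_password(password, salt, pepper, stored):
    """Constant-time comparison; a dumped table without the pepper cannot be checked against guesses."""
    return hmac.compare_digest(hash_password(password, salt, pepper), stored)


if __name__ == "__main__":
    print(screen_password("Sup3rman"))
    print(screen_password("correct horse battery staple"))
    salt, pepper = new_salt(), secrets.token_bytes(32)
    stored = hash_password("Sup3rman", salt, pepper)
    print(verify_password("Sup3rman", salt, pepper, stored))
```

The pepper is what operationalises "treat the hash as a secret": a leaked table of `hash_password` outputs is useless to a guesser who lacks the pepper, whatever the quality of the underlying passwords, while the screening step keeps the weakest passwords out so the pepper is not the only thing standing between a leak and a reversed hash.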



