10 events
Apr 11, 2024 at 17:59 comment added VonNaturAustreVe Thanks for the paper! Good lecture!
Jul 4, 2018 at 8:26 comment added Mikko Rantalainen According to usenix.org/system/files/conference/woot14/woot14-malvoni.pdf the attacker is only 2x faster with custom hardware than a bcrypt defender using a generic i7 CPU. Seems much better than the attacker being 10-20x faster with PBKDF than the defender.
Nov 30, 2017 at 4:52 comment added vee_ess @EricGrange This is true for ALL algorithms. As time goes by and more cryptanalysis is done, we can become increasingly confident (but never completely sure) that a particular algorithm doesn't have a particular weakness. The notion that we can know with certainty the risks for PBKDF2 but not bcrypt is absurd.
Feb 3, 2017 at 10:16 comment added Mikko Rantalainen @EricGrange: it's true that PBKDF defenders know what attackers can do. Unfortunately, the attackers can do at least 10-20x faster than the defenders. The defender wants to use bcrypt because it currently seems to give much less edge to the attacker. Basically the fans of bcrypt think that the algorithm seems good enough to trust and it makes the playing field more level for the defender and attacker. If you think that giving at least a 10-20x performance boost to the attacker is okay, then PBKDF is the better choice because the tradeoffs are better understood.
Dec 17, 2015 at 11:28 comment added Eric Grange The basic assumption of bcrypt is that it is slow, but that is just an assumption; a weakness could exist that allows execution time to be drastically cut down, or hardware evolutions could bypass the slowness (same as for Scrypt). PBKDF on the other hand relies on a well tested hash for which fairly fast near-optimal hardware already exists, which means that the time and complexity parameters are well known (and can be leveraged through repetition). PBKDF defenders know exactly what attackers can do within an order of magnitude, bcrypt defenders do not.
S Jun 11, 2013 at 13:34 history suggested Søren Løvborg CC BY-SA 3.0
Replace dead link with Internet Archive link
Jun 11, 2013 at 13:25 review Suggested edits
S Jun 11, 2013 at 13:34
Jun 16, 2012 at 21:41 review Suggested edits
Jun 16, 2012 at 22:17
Jun 25, 2011 at 10:21 history migrated from stackoverflow.com (revisions)
Sep 16, 2010 at 7:39 history answered Giuseppe Accaputo CC BY-SA 2.5