Timeline for Do any security experts recommend bcrypt for password storage?
Current License: CC BY-SA 3.0
10 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Apr 11, 2024 at 17:59 | comment added | VonNaturAustreVe | | Thanks for the paper! Good lecture! |
| Jul 4, 2018 at 8:26 | comment added | Mikko Rantalainen | | According to usenix.org/system/files/conference/woot14/woot14-malvoni.pdf, the attacker is only 2x faster with custom hardware than a bcrypt defender using a generic i7 CPU. Seems much better than the attacker being 10-20x faster with PBKDF than the defender. |
| Nov 30, 2017 at 4:52 | comment added | vee_ess | | @EricGrange This is true for ALL algorithms. As time goes by and more cryptanalysis is done, we can become increasingly confident (but never completely sure) that a particular algorithm doesn't have a particular weakness. The notion that we can know with certainty the risks for PBKDF2 but not bcrypt is absurd. |
| Feb 3, 2017 at 10:16 | comment added | Mikko Rantalainen | | @EricGrange: it's true that PBKDF defenders know what attackers can do. Unfortunately, the attackers can do it at least 10-20x faster than the defenders. A defender wants to use bcrypt because it currently seems to give much less of an edge to the attacker. Basically, the fans of bcrypt think that the algorithm seems good enough to trust and that it makes the playing field more level between defender and attacker. If you think that giving at least a 10-20x performance boost to the attacker is okay, then PBKDF is the better choice because the tradeoffs are better understood. |
| Dec 17, 2015 at 11:28 | comment added | Eric Grange | | The basic assumption of bcrypt is that it is slow, but that is just an assumption; a weakness could exist that allows drastically cutting down execution time, or hardware evolutions could bypass the slowness (same as for scrypt). PBKDF, on the other hand, relies on a well-tested hash for which fairly fast, near-optimal hardware already exists, which means that the time and complexity parameters are well known (and can be leveraged through repetition). PBKDF defenders know exactly what attackers can do within an order of magnitude; bcrypt defenders do not. |
| Jun 11, 2013 at 13:34 | history: suggested | Søren Løvborg | CC BY-SA 3.0 | Replace dead link with Internet Archive link |
| Jun 11, 2013 at 13:25 | review: Suggested edits | | | completed Jun 11, 2013 at 13:34 |
| Jun 16, 2012 at 21:41 | review: Suggested edits | | | completed Jun 16, 2012 at 22:17 |
| Jun 25, 2011 at 10:21 | history: migrated | | | from stackoverflow.com (revisions) |
| Sep 16, 2010 at 7:39 | history: answered | Giuseppe Accaputo | CC BY-SA 2.5 | |