Author

Topic: Why not use Bcrypt? (Read 1838 times)

hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
February 25, 2015, 11:44:38 AM
#7
If forum is using SHA-256, then it is fine for me! Bcrypt is indeed very slow compared to others and is somewhat similar to Bcrypt when Inread the comparison & above PDF. Thank you, theymos, for replying!

   -MZ
administrator
Activity: 5222
Merit: 13032
February 25, 2015, 10:00:35 AM
#6
The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
February 25, 2015, 04:08:42 AM
#5
The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.

RIPEND160 is good and I think SHA-2 family is good too. I think bcrypt was suggested because it has a large time cost for each hash generated, which makes brute force attacks against any given password an infeasible proposition.

   -MZ
hero member
Activity: 882
Merit: 1006
February 25, 2015, 03:43:50 AM
#4
The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
February 25, 2015, 03:23:38 AM
#3
+1 from me. I was looking for disadvantages of using Bcrypt and one disadvantage I found is that the output length is not configurable. From http://www.tarsnap.com/scrypt/scrypt.pdf:



   -MZ
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
February 25, 2015, 01:40:53 AM
#2
Pretty good idea , what what's the forum is using right now? MD5 or something if yes then it would be good to use bcrypt because brute-forcing the password will be 10 times more expensive with bcrypt than with MD5.

~ Madness
legendary
Activity: 1092
Merit: 1000
nahtnam.com
February 24, 2015, 06:33:01 PM
#1
Looking at this: https://docs.google.com/document/d/1bHlm4NQkSzaBTT5tLIqQBmV92wSsbdOX5r-dRR9Dgg0/edit

I dont think its mentioned, but I think bcrypt should be used for passwords since its probably one of the most secure hashing algorithms.
Jump to: