If forum is using SHA-256, then it is fine for me! Bcrypt is indeed very slow compared to others and is somewhat similar to Bcrypt when Inread the comparison & above PDF. Thank you, theymos, for replying!
-MZ
Topic: Why not use Bcrypt? (Read 1814 times)
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.
The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.
The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.
RIPEND160 is good and I think SHA-2 family is good too. I think bcrypt was suggested because it has a large time cost for each hash generated, which makes brute force attacks against any given password an infeasible proposition.
-MZ
The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
+1 from me. I was looking for disadvantages of using Bcrypt and one disadvantage I found is that the output length is not configurable. From http://www.tarsnap.com/scrypt/scrypt.pdf:
-MZ
-MZ
Pretty good idea , what what's the forum is using right now? MD5 or something if yes then it would be good to use bcrypt because brute-forcing the password will be 10 times more expensive with bcrypt than with MD5.
~ Madness
~ Madness
Looking at this: https://docs.google.com/document/d/1bHlm4NQkSzaBTT5tLIqQBmV92wSsbdOX5r-dRR9Dgg0/edit
I dont think its mentioned, but I think bcrypt should be used for passwords since its probably one of the most secure hashing algorithms.
I dont think its mentioned, but I think bcrypt should be used for passwords since its probably one of the most secure hashing algorithms.
Jump to: