But iirc bcrypt is vulnerable to people renting a GPU rack on Amazon and brute forcing the hell out of it. Emil knows more, but ya tradeoffs
Regular reminder you shouldn't use bcrypt for new apps. Use high-mem, high-cpu impls like secure-password instead https://github.com/emilbayes/secure-password …
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
You /can/ use bcrypt, scrypt and pbkdf2 if you don't have other options, but using Argon2 (which is memory bound) is highly recommended!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
What do you mean by "lack of sustained wetting"? It made it through all rounds of PHC and won, and was tweaked to accommodate published atck
-
Reference: https://password-hashing.net/ :)
End of conversation
New conversation -
-
-
time and confidence in the algo are correlated, not causal. Simplicity of the underlying algo is very important in easing the cryptoanalysis
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
idk whatever the years of usage previous cryptos had imo come into the design of newer cryptos; it's not a wasted experience
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I find the argument at the start of the Argon2 paper satisfying with regards to why one should have more confidence in it over eg. scrypt :)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
What do you mean by side channel here? I think both you and I are working with a threat model where the attack vector is the hash at rest
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
It seems that was fixed, but I will have to study the paper and changes to find myself convinced
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.