[Cryptography] Why don't we protect passwords properly?
Krisztián Pintér
pinterkr at gmail.com
Wed Dec 25 05:42:24 EST 2013
Patrick Mylund Nielsen (at Wednesday, December 25, 2013, 3:37:40 AM):
> I
> wholeheartedly disagree that they're good reasons to use PBKDF2 over
> scrypt (which coincidentally uses PBKDF2 itself,) since scrypt is
> still far superior at the main goal: Making a wholesale offline
> attack against all of the passwords in a user database prohibitively expensive.
goal can be nice, but it might fail at this goal if opens a backdoor.
i would only recommend scrypt (and bcrypt for that matter) in special
circumstances (if your attack model excludes cache timings). it is
okay, specialized solutions have a place in the industry. but you need
to know goddam well if you can use it or not. for general use, i must
recommend pbkdf2, even if it is an ugly little piece of design.
More information about the cryptography
mailing list