Why not use Bcrypt?

[nahtnam]

Looking at this: https://docs.google.com/document/d/1bHlm4NQkSzaBTT5tLIqQBmV92wSsbdOX5r-dRR9Dgg0/edit

I dont think its mentioned, but I think bcrypt should be used for passwords since its probably one of the most secure hashing algorithms.

[1715290861]

1715290861

[1715290861]

1715290861

[Madness]

Pretty good idea , what what's the forum is using right now? MD5 or something if yes then it would be good to use bcrypt because brute-forcing the password will be 10 times more expensive with bcrypt than with MD5.

~ Madness

[Muhammed Zakir]

+1 from me. I was looking for disadvantages of using Bcrypt and one disadvantage I found is that the output length is not configurable. From http://www.tarsnap.com/scrypt/scrypt.pdf:



   -MZ

[Blazr]

The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.

[Muhammed Zakir]

The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.

RIPEND160 is good and I think SHA-2 family is good too. I think bcrypt was suggested because it has a large time cost for each hash generated, which makes brute force attacks against any given password an infeasible proposition.

   -MZ

[theymos]

The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.

[Muhammed Zakir]

If forum is using SHA-256, then it is fine for me! Bcrypt is indeed very slow compared to others and is somewhat similar to Bcrypt when Inread the comparison & above PDF. Thank you, theymos, for replying!

   -MZ