Hacker News
zheng on March 19, 2012 | on: Don't use bcrypt
I think he meant it hasn't undergone the same level of public scrutiny. You've certainly spent ample time researching it, and it's obviously been tested, but possibly not as much as something like AES.
cperciva on March 19, 2012
OK, but PBKDF2 hasn't had very much scrutiny either. The entire field of key derivation functions has been very much neglected.
tptacek on March 19, 2012
bcrypt is better tested than PBKDF2: far more publicly "testable" systems use it (bcrypt was the password file format for OpenBSD).
there on March 19, 2012
was?
tptacek on March 19, 2012
In the sense of "that's where it came from".