
BCrypt vs PBKDF2

 
David Spades
I wish to know which one is more secure against attacks from today's fast hardware: BCrypt or PBKDF2? Thanks.
 
Richard Tookey
Never having done a comparison I cannot say which will be the most difficult to crack based on processing in the password domain. Assuming that the password is constrained to have at least as much entropy as a randomly generated key for the target block algorithm then it is the entropy of the derived key that an attacker is likely to attack. Of course if the password has low entropy then it will not matter which method is used to derive the key.
 
Pat Farrell
Richard Tookey wrote: Of course if the password has low entropy then it will not matter which method is used to derive the key.


You're right. One really needs to stop the users from using a password, as they don't have enough entropy. We have to move to pass phrases or tools like OnePass.

Even recent studies show that "password" and "asdfgh" are the most popular entries.
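
Added example (not part of the thread and not any poster's code): a Python sketch of the entropy argument made above, comparing the cost of guessing the password through PBKDF2 with the cost of guessing the derived key directly. The 10,000-entry common-password list, the iteration counts, the 128-bit key size and all function names are assumptions chosen for illustration.

```python
import hashlib
import math


def random_choice_bits(choices: int, picks: int) -> float:
    """Entropy in bits of `picks` independent uniform picks from `choices` options."""
    return picks * math.log2(choices)


def weakest_target(password_bits: float, iterations: int, key_bits: int):
    """Return (target, work_bits): what a defender should assume gets attacked.

    Guessing the password costs 2**password_bits candidates, each needing
    `iterations` PRF calls, so the iteration count adds log2(iterations) bits.
    Guessing the derived key directly costs 2**key_bits regardless of the KDF.
    """
    password_cost = password_bits + math.log2(iterations)
    if password_cost < key_bits:
        return ("password", password_cost)
    return ("derived key", float(key_bits))


def derive_key(password: str, salt: bytes, iterations: int, key_len: int = 16) -> bytes:
    """PBKDF2-HMAC-SHA256; the iteration count is the only work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=key_len)


# Constructed scenarios: (label, password entropy in bits)
SCENARIOS = [
    ("one of 10,000 common passwords", random_choice_bits(10_000, 1)),
    ("6-word passphrase, 7,776-word list", random_choice_bits(7_776, 6)),
    ("22 random printable ASCII chars", random_choice_bits(94, 22)),
]

if __name__ == "__main__":
    for iterations in (100_000, 10_000_000):
        for label, bits in SCENARIOS:
            target, work = weakest_target(bits, iterations, key_bits=128)
            print(f"{iterations:>10} iters | {label:<36} | "
                  f"attack the {target}: ~2^{work:.1f} operations")
```

Raising the iteration count a hundredfold adds under 7 bits of work, so the common password stays far below the key's 128 bits whichever KDF is chosen; only the fully random password moves the weakest point to the derived key.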
 