http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html
In my opinion, as a practical matter (and as a non-cryptographer), this conversation doesn't actually matter at all.
- Cryptographers (as a whole) rarely fully agree on anything anyway - this is no different.
- No one is suggesting that bcrypt is fatally flawed, just that someone thinks there might be better options.
- "Use bcrypt" is perfectly good advice to give to people who were planning to:
  - Use clear text
  - Use ROT13 (2 rounds :) )
  - Make up their own "crypto" (ROT13 then XOR with MAC address, etc)
  - Use an unsalted hash
  - Use crypt
  - Encrypt passwords (versus hash)
  - Use a salted hash with a globally shared salt
  - Use a salted hash with individual salts
- "Use bcrypt" is still perfectly good advice even if PBKDF2 or scrypt are indeed better.
- bcrypt is (thankfully) becoming quite widely available. And some people are even using it! :)
At the end of the day - you can modify your message to be, "Use bcrypt or scrypt or PBKDF2", if you really want. But "Use bcrypt" is still perfectly valid advice.
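The comment's list contrasts unsalted hashes, a globally shared salt, and a per-user salted, iterated construction. The following is an added example, not part of the comment or the linked post, that makes that contrast concrete with Python's standard library: it uses PBKDF2-HMAC-SHA256 (`hashlib.pbkdf2_hmac`) as the stand-in for "bcrypt or scrypt or PBKDF2", since it needs no third-party package. The storage format `pbkdf2_sha256$iterations$salt$hash`, the iteration count, and the helper names are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Callable

# Constructed site-wide salt, standing in for the "globally shared salt" case.
GLOBAL_SALT = b"constructed-site-wide-salt"


def unsalted_hash(password: str) -> str:
    """Weak: identical passwords always produce identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def global_salted_hash(password: str) -> str:
    """Still weak: one salt for everyone, so equal passwords still collide."""
    return hashlib.sha256(GLOBAL_SALT + password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, iterations: int = 100_000, salt: bytes = b"") -> str:
    """Per-user random salt plus a work factor (PBKDF2-HMAC-SHA256).

    Returns a self-describing string so the verifier can recover the
    parameters and the work factor can be raised later (assumed format).
    """
    if not salt:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, dk_hex = parts
    try:
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


def needs_upgrade(stored: str, min_iterations: int) -> bool:
    """True when a stored record uses fewer iterations than current policy,
    so it should be rehashed on the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    return int(parts[1]) < min_iterations


def same_digest_for_same_password(hash_fn: Callable[[str], str]) -> bool:
    """Does hashing the same password twice give the same stored value?
    For unsalted and globally salted schemes this is True, which is what
    lets equal passwords across accounts be spotted at a glance."""
    return hash_fn("correct horse battery staple") == hash_fn("correct horse battery staple")


if __name__ == "__main__":
    for name, fn in [("unsalted", unsalted_hash),
                     ("global salt", global_salted_hash),
                     ("pbkdf2 per-user salt", pbkdf2_hash)]:
        print(f"{name:22s} repeat collides: {same_digest_for_same_password(fn)}")
    record = pbkdf2_hash("hunter2")
    print("verify correct:", pbkdf2_verify("hunter2", record))
    print("verify wrong:  ", pbkdf2_verify("hunter3", record))
    print("needs upgrade to 200k:", needs_upgrade(record, 200_000))
```

The `same_digest_for_same_password` check is the practical reason per-user salts matter: with an unsalted or globally salted scheme, two accounts with the same password are visible as duplicate rows, and a single precomputed table covers every user. The iteration count in the stored record is what lets the work factor be raised over time without a flag day, which is the same property bcrypt's cost parameter provides.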