Monday, March 19, 2012

My 2¢ on bcrypt vs ___

The topic came up today "Don't use bcrypt, use this instead".

http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html

In my opinion, as a practical matter (and as a non-cryptographer), this conversation doesn't actually matter at all.

  1. Cryptographers (as a whole) rarely fully agree on anything anyway - this is no different.
  2. No one is suggesting that bcrypt is fatally flawed, just that someone thinks there might be better options.
  3. "Use bcrypt" is perfectly good advice to give to people who were planning to:
    1. Use clear text
    2. Use ROT13 (2 rounds :) )
    3. Make up their own "crypto" (ROT13 then XOR with MAC address, etc)
    4. Use an unsalted hash
    5. Use crypt
    6. Encrypt passwords (versus hash)
    7. Use a salted hash with a globally shared salt
    8. Use a salted hash with individual salts
  4. "Use bcrypt" is still perfectly good advice even if PBKDF2 or scrypt are indeed better.
  5. bcrypt is (thankfully) becoming quite widely available.  And some people are even using it! :)

At the end of the day - you can modify your message to be, "Use bcrypt or scrypt or PBKDF2", if you really want.  But "Use bcrypt" is still perfectly valid advice.
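To show concretely what separates the last few items on the list (unsalted hash, globally shared salt, individual salts) from "use a real password hash", here is an added example, not code from the original post, using PBKDF2-HMAC-SHA256 from Python's standard library: per-password random salt, a stored work factor that can be raised later, and a constant-time comparison on verify. The 600,000 default iteration count and the record format are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumed default; raise it as hardware gets faster
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    Each password gets its own random salt (so two users with the same password
    store different records), and the work factor travels with the hash so it
    can be increased without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the record's own salt and iteration count, then compare
    in constant time so timing does not leak how many bytes matched."""
    try:
        algorithm, iterations_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: treat as a failed login, never raise
    if algorithm != ALGORITHM or iterations < 1 or not expected:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the stored work factor is below current policy; call this
    after a successful login and re-hash with the plaintext you just verified."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True
```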