BCrypt vs PBKDF2

David Spades
Ranch Hand

Joined: Feb 01, 2014
Posts: 194
I wish to know which one is more secure against attacks from today's fast hardware: BCrypt or PBKDF2? Thanks.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1035

Never having done a comparison I cannot say which will be the most difficult to crack based on processing in the password domain. Assuming that the password is constrained to have at least as much entropy as a randomly generated key for the target block algorithm then it is the entropy of the derived key that an attacker is likely to attack. Of course if the password has low entropy then it will not matter which method is used to derive the key.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646

Richard Tookey wrote: Of course if the password has low entropy then it will not matter which method is used to derive the key.

You're right. One really needs to stop the users from using a password, as they don't have enough entropy. We have to move to pass phrases or tools like OnePass.

Even recent studies show that "password" and "asdfgh" are the most popular entries.
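
The entropy argument in the two replies above, worked through as an added example (not code posted by anyone in this thread). It times one real PBKDF2 derivation and then estimates, for three randomly generated secrets, whether the password or the derived key is the cheaper thing to search. The algorithm name PBKDF2WithHmacSHA256, the 100,000 iterations, the 128-bit key and the sample secrets are assumptions chosen for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.SecureRandom;

public class KdfStrengthEstimate {

    // Entropy in bits of a secret made of `length` symbols, each drawn
    // uniformly at random from an alphabet of `alphabetSize` symbols.
    static double randomSecretBits(int alphabetSize, int length) {
        return length * (Math.log(alphabetSize) / Math.log(2));
    }

    // Work to search the password space, in bits of single PRF calls:
    // every guess costs `iterations` calls, so stretching adds log2(iterations).
    // The derived key can always be searched directly, so keyBits is a ceiling.
    static double effectiveBits(double passwordBits, int iterations, int keyBits) {
        double stretched = passwordBits + Math.log(iterations) / Math.log(2);
        return Math.min(stretched, keyBits);
    }

    // Wall-clock cost of one PBKDF2 derivation on this machine, in milliseconds.
    static double millisPerDerivation(char[] password, int iterations, int keyBits) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyBits);
        long start = System.nanoTime();
        factory.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return (System.nanoTime() - start) / 1e6;
    }

    public static void main(String[] args) throws Exception {
        int iterations = 100_000; // assumed work factor
        int keyBits = 128;        // assumed size of the derived key
        char[] sample = "constructed sample secret".toCharArray(); // constructed input
        System.out.printf("one derivation: %.1f ms%n", millisPerDerivation(sample, iterations, keyBits));

        String[] labels = {"8 random lowercase letters",
                           "6 random words from a 7776-word list",
                           "22 random base64 characters"};
        double[] bits = {randomSecretBits(26, 8), randomSecretBits(7776, 6), randomSecretBits(64, 22)};
        for (int i = 0; i < labels.length; i++) {
            double eff = effectiveBits(bits[i], iterations, keyBits);
            String cheaper = eff < keyBits ? "password" : "derived key";
            System.out.printf("%-38s %6.1f bits -> %6.1f effective, cheaper target: %s%n",
                    labels[i], bits[i], eff, cheaper);
        }
    }
}
```

These figures hold only for secrets generated at random; a commonly chosen password has far less entropy than its length suggests, and no iteration count makes up the difference.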
 