
BCrypt vs PBKDF2

 
David Spades
Ranch Hand
Posts: 348
I wish to know which one is more secure against attacks from today's fast hardware: BCrypt or PBKDF2? Thanks.
 
Richard Tookey
Bartender
Pie
Posts: 1166
17
Java Linux Netbeans IDE
Never having done a comparison I cannot say which will be the most difficult to crack based on processing in the password domain. Assuming that the password is constrained to have at least as much entropy as a randomly generated key for the target block algorithm then it is the entropy of the derived key that an attacker is likely to attack. Of course if the password has low entropy then it will not matter which method is used to derive the key.
 
Pat Farrell
Rancher
Posts: 4660
5
Linux Mac OS X VI Editor
Richard Tookey wrote: Of course if the password has low entropy then it will not matter which method is used to derive the key.


You're right. One really needs to stop the users from using a password, as they don't have enough entropy. We have to move to pass phrases or tools like OnePass.

Even recent studies show that "password" and "asdfgh" are the most popular entries.
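
The entropy argument made in the replies above, as an added example that is not part of any post in this thread: PBKDF2 enrollment that refuses common passwords, plus a rough model of which search is cheaper for an attacker. The function names, the denylist, the iteration count and the cost model are assumptions made for illustration; only PBKDF2 is shown because bcrypt is not in the Python standard library.

```python
import hashlib
import hmac
import math
import os

# Constructed denylist: the two entries named in the thread plus assumed extras.
COMMON_PASSWORDS = {"password", "asdfgh", "123456", "qwerty"}


def hash_password(password, iterations=200_000, salt=None):
    """Reject denylisted passwords, then derive a key with PBKDF2-HMAC-SHA256."""
    if password.lower() in COMMON_PASSWORDS:
        raise ValueError("password is on the common-password denylist")
    salt = salt or os.urandom(16)  # per-user random salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_password(password, record):
    """Recompute with the stored salt and iterations; compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


def attack_work_bits(password_entropy_bits, key_bits, iterations):
    """log2 of the operations needed by the cheaper of two exhaustive searches.

    Assumed model: guessing passwords costs `iterations` PRF calls per guess,
    guessing the derived key directly costs one operation per guess.
    """
    via_password = password_entropy_bits + math.log2(iterations)
    via_key = key_bits
    return min(via_password, via_key)


if __name__ == "__main__":
    # High-entropy password: the derived key is the cheaper target.
    print(attack_work_bits(128, 128, 2**17))
    # One of two popular passwords (1 bit): the work factor adds only 17 bits.
    print(attack_work_bits(1, 128, 2**17))
```

The work factor adds log2(iterations) bits to whatever entropy the password already has, which is why a denylist or a pass phrase matters more than the choice of derivation function once the password is weak.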