BCrypt vs PBKDF2

David Spades
Ranch Hand

Joined: Feb 01, 2014
Posts: 234
I wish to know which one is more secure against attacks from today's fast hardware: BCrypt or PBKDF2? Thanks.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1110
    
  10

Never having done a comparison I cannot say which will be the most difficult to crack based on processing in the password domain. Assuming that the password is constrained to have at least as much entropy as a randomly generated key for the target block algorithm then it is the entropy of the derived key that an attacker is likely to attack. Of course if the password has low entropy then it will not matter which method is used to derive the key.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Richard Tookey wrote: Of course if the password has low entropy then it will not matter which method is used to derive the key.


You're right. One really needs to stop the users from using a password, as they don't have enough entropy. We have to move to pass phrases or tools like OnePass.

Even recent studies show that "password" and "asdfgh" are the most popular entries.
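
Added example (not part of the original thread or written by any poster): the entropy argument in the posts above, worked through with PBKDF2 from Python's standard library. The salt, the 128-bit key size, the iteration counts and the toy two-letter password space are assumptions chosen for illustration.

```python
import hashlib
import itertools
import math

SALT = b"constructed-salt"  # constructed sample value, not a real deployment salt
KEY_BITS = 128              # assumed size of the derived key


def derive(password: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 -> KEY_BITS-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT,
                               iterations, dklen=KEY_BITS // 8)


def uniform_password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def reachable_key_bits(alphabet: str, length: int, iterations: int) -> float:
    """Derive a key for every password in the space and return log2 of the
    number of distinct keys. The output is always 128 bits long, but only
    as many keys are reachable as there are passwords."""
    keys = {derive("".join(p), iterations)
            for p in itertools.product(alphabet, repeat=length)}
    return math.log2(len(keys))


def cheapest_search(pw_bits: float, iterations: int, key_bits: int = KEY_BITS):
    """Compare exhaustive search in the two domains, in bits of work.
    Password domain: every guess costs `iterations` PRF calls.
    Key domain: the derived key is guessed directly, the KDF is bypassed."""
    pw_work = pw_bits + math.log2(iterations)
    if pw_work < key_bits:
        return ("password", pw_work)
    return ("key", float(key_bits))


if __name__ == "__main__":
    lowercase = "abcdefghijklmnopqrstuvwxyz"
    # Toy space: all 2-letter lowercase passwords (26**2 = 676 candidates).
    print("reachable key entropy:", reachable_key_bits(lowercase, 2, 10), "bits")
    cases = [("2 lowercase letters", uniform_password_bits(26, 2)),
             ("8 lowercase letters", uniform_password_bits(26, 8)),
             ("20 printable ASCII", uniform_password_bits(94, 20))]
    for label, bits in cases:
        domain, work = cheapest_search(bits, 100_000)
        print(f"{label}: {bits:.1f} bits -> weakest point is the {domain} "
              f"domain at {work:.1f} bits of work")
```

The iteration count only shifts the password-domain figure by log2(iterations), so a password with only a few bits of entropy remains the weakest point whatever the length of the derived key.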
 