
Bcrypt is a good hashing algorithm to use, as you can tailor the difficulty level to find a good balance. A 100ms hashing time probably won't make much of a difference as far as scaling goes (unless your users are actually doing the login process multiple times per day), but it makes a huge difference in how long it takes to brute force.

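An added example, not from any commenter in this thread: the "tailor the difficulty level" point above, worked through with Python's standard-library hashlib.scrypt (bcrypt is not in the standard library; the calibration and rehash logic is the same idea as bcrypt's cost factor). The stored-hash string format, the MAX_N cap and the 0.1 s target are this example's own assumptions, and it assumes a Python built against OpenSSL 1.1 or later.

```python
"""Tunable password hashing: calibrate the cost to ~100 ms, store the parameters
with the hash, and detect hashes that need upgrading when the policy tightens.
Stored format "scrypt$<n>$<r>$<p>$<salt hex>$<hash hex>" is this example's own
convention, not a standard encoding (assumption)."""
import hashlib
import hmac
import os
import time

MAX_N = 2 ** 17                 # demo cap on the cost parameter (about 128 MiB with r=8)
MAX_MEM = 256 * 1024 * 1024     # memory ceiling handed to OpenSSL's scrypt


def scrypt_hash(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1) -> bytes:
    """Derive a 32-byte key; scrypt's memory use is roughly 128 * r * n bytes."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, maxmem=MAX_MEM, dklen=32)


def calibrate_n(target_seconds: float = 0.1, r: int = 8, p: int = 1) -> int:
    """Double n (scrypt requires a power of two) until one hash takes at least
    target_seconds on this machine, stopping at MAX_N."""
    n = 2 ** 10
    probe = b"calibration-password"   # constructed throwaway input
    salt = os.urandom(16)
    while n < MAX_N:
        start = time.perf_counter()
        scrypt_hash(probe, salt, n, r, p)
        if time.perf_counter() - start >= target_seconds:
            break
        n *= 2
    return n


def hash_password(password: str, n: int, r: int = 8, p: int = 1) -> str:
    """Fresh random salt per password; parameters travel with the hash so the
    cost can be raised later without invalidating old records."""
    salt = os.urandom(16)
    digest = scrypt_hash(password.encode("utf-8"), salt, n, r, p)
    return f"scrypt${n}${r}${p}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    actual = scrypt_hash(password.encode("utf-8"), bytes.fromhex(salt_hex),
                         int(n), int(r), int(p))
    return hmac.compare_digest(actual, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, current_n: int) -> bool:
    """True when the record was hashed with a cheaper cost than current policy;
    rehash on the next successful login."""
    return int(stored.split("$")[1]) < current_n


def brute_force_seconds(seconds_per_hash: float, keyspace: int) -> float:
    """Single-core time to exhaust a keyspace at the given per-guess cost
    (ignores attacker parallelism; the scaling with cost is the point)."""
    return seconds_per_hash * keyspace


if __name__ == "__main__":
    n = calibrate_n(0.1)
    record = hash_password("correct horse battery staple", n)
    print("n =", n, "record =", record)
    print("verify:", verify_password("correct horse battery staple", record))
    # 8 lowercase letters at 100 ms per guess, in days on one core
    print("exhaustive search:", brute_force_seconds(0.1, 26 ** 8) / 86400, "days")
```

The 100 ms figure is per login attempt for the server, but it is also the per-guess cost for an attacker who steals the hash table, which is why raising n hurts the cracker far more than it hurts the login path.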

Everyone should just use bcrypt, period. (Or scrypt if you follow and trust cperciva)


It was my understanding, having read the scrypt paper, that scrypt is significantly more secure than bcrypt (hence its existence).



