Don’t Use bcrypt
Tony Arcieri (via Hacker News):
If you’re already using bcrypt, relax, you’re fine, probably. However, if you’re looking for a key derivation function for a new project, bcrypt is probably not the best one you can pick. In fact, there are two ciphers which are each better in a different way than bcrypt, and also widely available across many platforms.
1 Comment RSS · Twitter
March 20, 2012 12:39 PM
[...] Arcieri urges developers storing user-sensitive data, such as a passwords, not to use bcrypt (via Michael Tsai) for deriving the encryption key: The first cipher I’d suggest you consider besides bcrypt is [...]
