Tuesday, March 20, 2012

Don’t Use bcrypt

Tony Arcieri (via Hacker News):

If you’re already using bcrypt, relax, you’re fine, probably. However, if you’re looking for a key derivation function for a new project, bcrypt is probably not the best one you can pick. In fact, there are two ciphers which are each better in a different way than bcrypt, and also widely available across many platforms.

1 Comment

[...] Arcieri urges developers storing user-sensitive data, such as passwords, not to use bcrypt (via Michael Tsai) for deriving the encryption key: The first cipher I’d suggest you consider besides bcrypt is [...]
