The point of the post is that even if scrypt is better than bcrypt, if the only advantage is the increase in computation, doesn't incrementing the iteration counter achieve the same goal while providing scale and more granular application-specific control?
The problem with bcrypt, scrypt, etc. is that they might not all be available on all platforms, while standard hashing algorithms (sha512, etc.) are native functions or libraries for most languages.
I do believe in using the secret salt as an HMAC password and I think the OWASP guys will have this in the Secure Password Storage CheatSheet soon.
P.S. Re: registering for commenting, sorry, I chose that option to avoid spam. You can contact me through other means if that's a problem.
(Making us log in with a third-party service just to comment is really annoying. Can you please enable 'just a name' comments?)