Because PBKDF2 has been designed and tested by cryptographers and is fully described in RFC 2898 which includes test vectors to verify an implementation. bcrypt is tied to a now obsolete cipher (blowfish), I don't know anything much about scrypt but anyone can claim they designed it to be more secure, but proving it is another matter.
B. On 6 July 2011 15:43, Dirkjan Ochtman <[email protected]> wrote: > On Wed, Jul 6, 2011 at 14:43, Robert Newson <[email protected]> wrote: >> Some time ago I wrote some code to implement the PBKDF2 protocol. This >> is a cryptographically sound means of deriving a key from a password. > > Why is this better than stuff like bcrypt or scrypt? The page for the > latter, at least, states that it "is designed to be far more secure > against hardware brute-force attacks than alternative functions such > as PBKDF2". > > Cheers, > > Dirkjan >
