To benoitc's point, we could switch sha256 in for sha1 as soon as it's available in an OTP release.
B. On 6 July 2011 15:50, Robert Newson <[email protected]> wrote: > Because PBKDF2 has been designed and tested by cryptographers and is > fully described in RFC 2898 which includes test vectors to verify an > implementation. bcrypt is tied to a now obsolete cipher (blowfish), I > don't know anything much about scrypt but anyone can claim they > designed it to be more secure, but proving it is another matter. > > B. > > On 6 July 2011 15:43, Dirkjan Ochtman <[email protected]> wrote: >> On Wed, Jul 6, 2011 at 14:43, Robert Newson <[email protected]> wrote: >>> Some time ago I wrote some code to implement the PBKDF2 protocol. This >>> is a cryptographically sound means of deriving a key from a password. >> >> Why is this better than stuff like bcrypt or scrypt? The page for the >> latter, at least, states that it "is designed to be far more secure >> against hardware brute-force attacks than alternative functions such >> as PBKDF2". >> >> Cheers, >> >> Dirkjan >> >
