[email protected] wrote:
> 1. Does the 72-character limit also apply to bcrypt_pbkdf() [presumably
> this will mean softraid(4) crypto won't accept passwords >72 chars
> anymore]?

No. There is no limit. (The inputs can also contain 0 bytes.)

> 2. What is the recommended buffer size to be passed to bcrypt_pbkdf()?

This is a strange question. It generates a key which you'd normally use to
encrypt some data. So however much key material you need.

> 3. In the BUGS section in the bcrypt(3) man page it mentions that
> crypt() returns a pointer to static data. Is it safe/smart to assume
> this constraint also applies to bcrypt() calls?

Yes. On OpenBSD, the preferred interface is actually crypt_newhash, which
doesn't have this restriction.

