Have u tried scrypt? [email protected] skrev: (7 februari 2017 16:16:21 CET) >I am investigating bcrypt_pbkdf(3) or bcrypt(3) to secure passphrases >within an existing application. > >However, the man page for bcrypt_pbkdf() does not mention the >72-character password limit that bcrypt() does, especially given >bcrypt_pbkdf() appears to accept an output buffer whose length is the >caller's choice. > >72 characters may seem short, but the application currently >concatenates a non-secret global file ID to the passphrase; >this can easily make the total length go past 72 characters. I am >interested in knowing if I will need to remove the concatenated info >from the input. > >1. Does the 72-character limit also apply to bcrypt_pbkdf() [presumably > this will mean softraid(4) crypto won't accept passwords >72 chars > anymore]? > >2. What is the recommended buffer size to be passed to bcrypt_pbkdf()? > >3. In the BUGS section in the bcrypt(3) man page it mentions that > crypt() returns a pointer to static data. Is it safe/smart to assume > this constraint also applies to bcrypt() calls? > >Some assistance clarifying this would be appreciated. >Thanks.
-- Sincerly flipchan - LayerProx dev
