
I thought the first one was solved at least 3 different ways over now, and that we should just pick one of [bcrypt, PBKDF2, scrypt]?


That still really is the answer for password hashes.

The right ordering is scrypt, bcrypt, PBKDF2, but even if you choose PBKDF2 you're still worlds better than salted hashes.

It makes sense for NaCl/Sodium to just pick one, though, and it makes sense for the choice to come from the hash contest.


See this excellent presentation by Solar Designer on this very topic: http://www.openwall.com/presentations/Passwords12-The-Future...
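An added example, not part of any comment in this thread: password records stored with scrypt or PBKDF2 from Python's standard library, in a self-describing format so that records hashed with the weaker scheme can be detected and rehashed at login. The function names, the record layout and the cost parameters are assumptions chosen for illustration; bcrypt is left out because it is not in the standard library.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for illustration; tune to your own hardware budget.
SCRYPT = {"n": 2**14, "r": 8, "p": 1}   # about 16 MiB of memory per hash
PBKDF2_ITERS = 600_000

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

def hash_password(password: str, scheme: str = "scrypt") -> str:
    """Return a record of the form scheme$params$salt$digest (hypothetical layout)."""
    salt = os.urandom(16)               # fresh random salt per password
    pw = password.encode()
    if scheme == "scrypt":
        dk = hashlib.scrypt(pw, salt=salt, dklen=32, **SCRYPT)
        params = f"{SCRYPT['n']},{SCRYPT['r']},{SCRYPT['p']}"
    elif scheme == "pbkdf2-sha256":
        dk = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERS, dklen=32)
        params = str(PBKDF2_ITERS)
    else:
        raise ValueError(f"unsupported scheme: {scheme}")
    return "$".join([scheme, params, _b64(salt), _b64(dk)])

def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the parameters stored in the record."""
    scheme, params, salt_b64, dk_b64 = record.split("$")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    pw = password.encode()
    if scheme == "scrypt":
        n, r, p = (int(x) for x in params.split(","))
        dk = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=len(expected))
    elif scheme == "pbkdf2-sha256":
        dk = hashlib.pbkdf2_hmac("sha256", pw, salt, int(params), dklen=len(expected))
    else:
        return False                    # unknown scheme: reject, never guess
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def needs_rehash(record: str, preferred: str = "scrypt") -> bool:
    """True when a record verified at login should be re-stored with the preferred scheme."""
    return record.split("$", 1)[0] != preferred
```

Call `needs_rehash` only after `verify_password` succeeds, since that is the one moment the plaintext is available to produce the upgraded record.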



