Fantastic read on #bcrypt 25 years later, by Niels Provos, one of its creators.
https://blog.apnic.net/2023/08/02/bcrypt-at-25-a-retrospective-on-password-security/
Hi @sc00bz and @epixoip, I recently came across your recommendations not to (blindly) use #Argon2 as a #PHF (but it's a good #KDF) due to this requiring runtimes that make it (usually) inapplicable for password hashing. Or, phrased differently, it would require lowering security parameters in order to stay performant, such that the security of the hashing would be compromised.
The #Bcrypt article on Wikipedia put forth a similar claim but without any citations and phrased a bit misleadingly (IMO). I've adjusted the article and added two citations. If you have time, I'd be glad if you could give some feedback on this, as there are only a few citable sources on this and I'm by far no expert on the matter:
https://en.wikipedia.org/w/index.php?title=Bcrypt&diff=prev&oldid=1157855165
Thank you!
"Bcrypt at 25: A Retrospective on Password Security"
https://www.usenix.org/publications/loginonline/bcrypt-25-retrospective-password-security
#bcrypt #authentication #infosec #passwords #security
A Popular Password Hashing Algorithm Starts Its Long Goodbye
The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.
https://www.wired.com/story/bcrypt-password-hashing-25-years/
#bcrypt #passwords #algorithms
By the way, starting with the next version, #LBS will switch to bcrypt.
#bcrypt #passwords #algorithms #lbs
@postmodern self-sovereign identity? Maybe it’s time to rely less on passwords?
#bcrypt #password #authentication
25 years of bcrypt password hashing: a retrospective on password security
https://www.usenix.org/publications/loginonline/bcrypt-25-retrospective-password-security