Author Topic: bcrypt ?  (Read 15141 times)

Offline danielpublic

  • Normal Members
  • *
  • Posts: 3
bcrypt ?
« on: February 09, 2011, 10:35:54 PM »
OK, I've read my daily dosage of /. and read this (FAQ), it surely will increase my electric bill (ok, not really...) but anyhow.. bcrypt, I can has it.. hm?

Yay | Nay | Lol and what?

Cheers! /D. :)

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: bcrypt ?
« Reply #1 on: February 10, 2011, 03:03:45 AM »
Using bcrypt is more for storing the passwords on the servers you would use PasswordMaker on. There's also the fact the attacker has to know you're using PasswordMaker, and has to hope the sites he has your hash from the databases he stole, that you used the same setup on each site.

The type of passwords created by PasswordMaker might make the attacker think you're using KeePass or something like it to keep track of your passwords anyway.

The main issue with bcrypt is adding that work level to the UI, otherwise, it will be about a useful as MD5 in the long run when you need to up it.

Also, the hashes included are really slow in Firefox anyway.
« Last Edit: February 10, 2011, 03:05:52 AM by Miquel 'Fire' Burns »
"I'm not drunk, just sleep deprived."

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: bcrypt ?
« Reply #2 on: February 10, 2011, 07:56:25 PM »
I did think up an area of PasswordMaker that would do REALLY well to switch to bcrypt.

Step one, find a JavaScript version of bcrypt.
"I'm not drunk, just sleep deprived."

PasswordMaker Forums

Re: bcrypt ?
« Reply #2 on: February 10, 2011, 07:56:25 PM »