| internetter 9 days ago |
| I feel like this is going to bite me in the ass 15 years from now but like bcrypt is really really hard to screw up |
|
| FabHK 9 days ago |
| Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2. So even 7 years ago bcrypt was only the 3rd recommended option. |
|
| internetter 9 days ago |
| You'll find that opinion is still divided among these three options. And bcrypt is harder to mess up. It has fewer parameters (it doesn't fall apart as easily) and salting is built in, whereas it's not for scrypt and argon2. If, knowing nothing else about the competency of the programmer, I had to choose between an application using scrypt, argon2 and bcrypt, I'd pick bcrypt any day. |
|
| LVB 9 days ago |
| They follow with: "But, seriously: you can throw a dart at a wall to pick one of these... In practice, it mostly matters that you use a real secure password hash, and not as much which one you use." |
|