lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sun, Jan 19, 2014 at 7:37 PM, William Ahern
<william@25thandclement.com> wrote:

[...]

> The marginal security is so low, that's the kind of thing you need to on a
> regular basis to make them worthwhile. That's not the kind of thing you need
> to do with traditional cryptographic primitives. My 2048-bit RSA key from
> 2000 is in real-terms just as safe today as it was 14 years ago. But a
> PBKDF2 round variable would be laughable after 14 years.

You could even encrypt files with your RSA key! You wouldn't do that
with bcrypt output, however, because you negate the whole benefit of
recursive hashing: the attacker only needs to find the n-1th
intermediate form to crack the file.

Would you consider, then, login authentication distinct from general decryption?

It's almost as if bcrypt and the like were designed for distinct purposes.