lua-l archive



On Fri, Jan 24, 2014 at 10:12:02PM -0800, William Ahern wrote:
> Here's a blurb from the scrypt webpage:
> 
> 	We estimate that on modern (2009) hardware, if 5 seconds are spent
> 	computing a derived key, the cost of a hardware brute-force attack
> 	against scrypt is roughly 4000 times greater than the cost of a
> 	similar attack against bcrypt (to find the same password), and 20000
> 	times greater than a similar attack against PBKDF2.
> 
> Who in their right mind would allow their website authentication system to
> spend 5 seconds (an eternity!) hogging a CPU? Especially when you could
> instead mandate passwords just three or four characters longer for the same
> benefit and without crippling your throughput?

Because verifying with a correct password is much faster than verifying
with an incorrect one.  Plus, that 5 seconds is tunable.  Want it to be
only a millisecond?  Fine.  You can do that, and make sure it's always a
millisecond, regardless of how fast computers get.

> Anything over a millisecond is already too long for real websites.

Not all websites are Facebook.

B.
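As an added example, not from this thread or from any of the scrypt/bcrypt projects: a Python sketch of the tunable cost the reply describes. It calibrates PBKDF2-HMAC-SHA256 (used because every CPython build ships it; the same calibrate-and-rehash loop applies to scrypt's N or bcrypt's cost parameter) to a time budget, stores the chosen work factor inside each record, and flags old records for re-hashing once the budget is raised. The record format and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

# Assumed storage format (constructed for this example):
#   pbkdf2-sha256$<iterations>$<salt hex>$<derived key hex>
# Keeping the work factor inside each record is what lets it be raised later.

def derive(password: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for scrypt/bcrypt here; only the cost
    # knob (iterations vs. N vs. rounds) differs for the calibration loop.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def calibrate(target_seconds: float, probe: int = 20000, floor: int = 1000) -> int:
    """Pick the iteration count that costs about target_seconds on this host."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive(b"calibration-only", salt, probe)
    per_iteration = (time.perf_counter() - start) / probe
    return max(floor, int(target_seconds / per_iteration))

def hash_password(password: bytes, iterations: int) -> str:
    salt = os.urandom(16)
    key = derive(password, salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${key.hex()}"

def verify(password: bytes, record: str) -> bool:
    """Recompute with the record's own parameters; constant-time compare."""
    algo, iterations, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2-sha256":
        return False
    key = derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))

def needs_rehash(record: str, current_iterations: int) -> bool:
    """True when the stored work factor is below today's calibrated one;
    the caller re-hashes after a successful login to keep the cost on budget."""
    return int(record.split("$")[1]) < current_iterations

if __name__ == "__main__":
    budget = calibrate(0.001)  # about one millisecond per verification here
    record = hash_password(b"correct horse battery staple", budget)
    print(budget, verify(b"correct horse battery staple", record))
```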