
BCrypt works fine, but I wouldn't say it is "2016-era security practices". It was written in 1999 and hasn't had as much scrutiny as SHA or Blowfish (although it is based on Blowfish).

Regardless, using a salted, multi-pass algorithm will keep everything nicely secured using nearly any hashing algorithm.

Remember the goal is not to crack one user's password using a brute force lookup table, it is to crack everyone's password.




BCrypt is apparently just fine in 2016: https://news.ycombinator.com/item?id=11120528.


It is in fact a 2016-era good security practice.

And it is designed to prevent what your last sentence says.
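
An added example, not written by either commenter: it shows what "salted, multi-pass" buys against the crack-everyone-at-once goal discussed in this thread. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt here; the iteration count, user names and passwords are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor; tune upward for real deployments


def hash_password(password, salt=None):
    """Return (salt, digest) using a per-user random salt and many passes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def table_hits(stored_digests, candidates, hash_fn):
    """Count stored digests matched by ONE table computed once from candidates."""
    table = {hash_fn(c) for c in candidates}
    return sum(1 for d in stored_digests if d in table)


def demo():
    # Constructed sample data: two users share a password.
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "letmein"}
    candidates = ["123456", "hunter2", "letmein"]

    def unsalted(p):
        return hashlib.sha256(p.encode()).digest()

    unsalted_db = [unsalted(p) for p in users.values()]
    salted_db = [hash_password(p)[1] for p in users.values()]

    # Unsalted: a single precomputed table matches every row at once.
    unsalted_hits = table_hits(unsalted_db, candidates, unsalted)
    # Salted: a table built under any one fixed salt matches no row, so the
    # full multi-pass cost has to be paid again per user, per candidate.
    fixed = b"\x00" * 16
    salted_hits = table_hits(salted_db, candidates,
                             lambda p: hash_password(p, fixed)[1])
    return unsalted_hits, salted_hits


if __name__ == "__main__":
    print(demo())
```
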



