6
votes

This question made me start thinking about password hashing again. I currently use bcrypt (specifically py-bcrypt). I've heard a lot about PBKDF2, and scrypt.

What I'm wondering is if there are any "more modern" password hashing methods that I might not know about (because they're new, so people don't talk about them as much), or maybe other methods I don't know about.

And then going on from there, which one should I use? Most people seem to recommend bcrypt, but I wonder if that's just because it's old (read: well-known). scrypt seems better (variable amount of memory usage). I don't know much about PBKDF2.

So if I make a user-management scheme, which of these should I use? Or should I use something completely different?

1

1 Answers

6
votes

PBKDF2 is used in WPA/WPA2 and Domain Cached Credentials 2 (AKA DCC2). You can change the iterations for the HMAC-SHA1 to increase security. This method of slowing down the cracking process is unbroken. However, since it is based on SHA1, you can call it GPU-friendly to attack.

Both, bcrypt and scrypt, use a lookup table. This memory dependence makes it GPU-unfriendly. The latest 28 nm GPU architectures however re-enable very fast access to memory.

For now you should favor bcrypt or scrypt. It is a good choice to use memory dependent hashes, but in the future this might change. Keep an eye on how GPU performance of the crackers increase. It is possible that they will reach an event horizon on which it will be better to switch back to just do GPU-friendly hashes but increase their iteration count.