[messaging] PBKDF2 vs bcrypt vs scrypt ... when dealing with browsers

Trevor Perrin trevp at trevp.net
Fri Dec 19 22:06:46 PST 2014


This is off topic.

There's a password hashing mailing list, I suggest you take your question there:

https://password-hashing.net/interaction.html

Or to one of the general crypto lists:

http://lists.randombit.net/mailman/listinfo/cryptography
http://www.metzdowd.com/mailman/listinfo/cryptography


Trevor


On Fri, Dec 19, 2014 at 9:52 PM, Tao Effect <contact at taoeffect.com> wrote:
> Question for the crypto-gurus out there (skip to TLDR if you want).
>
> What is the best practice (for today) when dealing with passwords over
> websites, given the following context and assumptions:
>
> Context:
>
> - Hashed/encrypted passwords stored in server database
> - User enters password in form and sends to server over HTTPS
> - KDF algorithm shouldn't run for more than 2 seconds on any modern mobile
> device
>
> Assumptions:
>
> - It is better to send the encrypted password over the wire than the
> password itself
>
> Known knowns:
>
> - Server can run all three KDFs natively.
> - Clients (web browsers) can only run PBKDF2 natively for browsers that
> support that part of the WebCrypto spec
>
> TLDR:
>
> That last part is the crux of the question: since only PBKDF2 (might) be
> supported natively, and scrypt/bcrypt are forced to run in JS, does that
> imply that in the case of login forms PBKDF2 is actually /more secure/ than
> scrypt/bcrypt given our 2 second runtime constraint?
>
> How do I even begin to test/validate this question?
>
> Many thanks!
>
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>

