[messaging] PBKDF2 vs bcrypt vs scrypt ... when dealing with browsers

Trevor Perrin trevp at trevp.net
Fri Dec 19 22:06:46 PST 2014

This is off topic.

There's a password hashing mailing list, I suggest you take your question there:


Or to one of the general crypto lists:



On Fri, Dec 19, 2014 at 9:52 PM, Tao Effect <contact at taoeffect.com> wrote:
> Question for the crypto-gurus out there (skip to TLDR if you want).
> What is the best practice (for today) when dealing with passwords over
> websites, given the following context and assumptions:
> Context:
> - Hashed/encrypted passwords stored in server database
> - User enters password in form and sends to server over HTTPS
> - KDF algorithm shouldn't run for more than 2 seconds on any modern mobile
> device
> Assumptions:
> - It is better to send the encrypted password over the wire than the
> password itself
> Known knowns:
> - Server can run all three KDFs natively.
> - Clients (web browsers) can only run PBKDF2 natively for browsers that
> support that part of the WebCrypto spec
> That last part is the crux of the question: since only PBKDF2 (might) be
> supported natively, and scrypt/bcrypt are forced to run in JS, does that
> imply that in the case of login forms PBKDF2 is actually /more secure/ than
> scrypt/bcrypt given our 2 second runtime constraint?
> How do I even begin to test/validate this question?
> Many thanks!
> Greg Slepak
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging

More information about the Messaging mailing list