Changes between Version 1 and Version 2 of Ticket #21022, comment 121
- Timestamp: 09/18/2019 06:54:09 AM (5 years ago)
Ticket #21022, comment 121
v1 v2 21 21 In attacker terms, once they get past "easy" rainbow/shortening/lengthening/collision vulnerabilities they're left with brute force. On a GPU bcrypt's default setup/lengthening/salting yields <1,000 attempts/second. On the same GPU, SHA hashing yields ~1,000,000,000 attempts/second. 22 22 23 I can't help but worry your bcrypt-sha512-base64 solution will make jumping to `PASSWORD-DEFAULT` harder @paragoninitiativeenterprises. But heck! it's still 10^6 better than SHA, and way closer to vanilla `password_hash()` than we have now.23 I can't help but worry your bcrypt-sha512-base64 solution will make jumping to `PASSWORD-DEFAULT` harder @paragoninitiativeenterprises. But heck! it's still 10^6^ better than SHA, and way closer to vanilla `password_hash()` than we have now.