Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What's the advantage of scrypt over bcrypt? [closed]

I'm looking at ways to securely store passwords. Some people claim that scrypt is "better" than bcrypt, and so far I've seen nobody who claims vice versa or that scrypt is insecure, though some call bcrypt "more reputable".

What's the advantage of scrypt over bcrypt? According to the scrypt website, "the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt". If that's the only advantage then can't I just use bcrypt with a larger number of rounds?

like image 516
Hongli Avatar asked Aug 04 '09 09:08

Hongli


People also ask

Is SCrypt better than bcrypt?

SCrypt is a better choice today: better design than BCrypt (especially in regards to memory hardness) and has been in the field for 10 years. On the other hand, it has been used for many cryptocurrencies and we have a few hardware (both FPGA and ASIC) implementation of it.

What is the advantage of using SCrypt or Argon2 vs PBKDF2?

However there are far more practical attacks to consider, mainly using GPUs and dedicated hardware. That is where the advantages of argon2 over bcrypt or PBKDF2-SHA1 for instance come into play. Argon2 requires not only CPU but also RAM, while the others hardly use memory.

Is bcrypt still the best?

A lot of your research is correct and still applies in 2021, so it is still secure to use BCrypt (which usually generates its own random salt for each password). Good password hashing algorithms are Argon2, SCrypt and BCrypt, they all offer a cost factor which controls the necessary time.

What is SCrypt and bcrypt?

Scrypt is an update to the same model from which Bcrypt arose. Scrypt is designed so as to rely on high memory requirements as opposed to high requirements on computational power.


1 Answers

With scrypt in addition to increasing computation you can increase the amount of memory needed to compute the hash. This doesn't bother software implementations much but is much harder to implement with hardware - which is what a dedicated attacker is likely to develop and use.

bcrypt (and PBKDF2) use constant, and small, amounts of memory.

like image 175
orip Avatar answered Sep 26 '22 07:09

orip