Assuming that I'm doing password hashing properly and using bcrypt, scrypt or PBKDF2, how should I go about choosing an appropriate difficulty factor? i.e. rounds for bcrypt, iterations for PBKDF2 and maxtime, maxmem or maxmemfrac for scrypt.

Also assume that the worst-case scenario will happen and my users' hashes and salt (and any application-salt or pepper; worst-case) will be leaked, either accidentally or deliberately.

If I choose enough rounds to cause bcrypt to take 0.5 seconds, I can be sure that my users won't see a significant slowdown when they log in. (In a web app anyway, 0.5 seconds is not a very long time.) I also know by testing a loop over that function that I can handle many more logins per minute than I am currently seeing.
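The calibration described above (pick the cost so one hash takes about 0.5 seconds on the login server, then check the login rate that leaves), as an added example that is not part of the original post. It uses PBKDF2-HMAC-SHA256 because it ships in the Python standard library; the function names, the `MIN_ITERATIONS` floor and the `$`-separated record format are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

MIN_ITERATIONS = 100_000  # assumed floor: never calibrate below this on fast hardware


def time_hash(iterations, samples=3):
    """Best-of-N wall time for one hash; taking the minimum filters scheduler noise."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-benchmark-input", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate(target_seconds, floor=MIN_ITERATIONS):
    """Double the count until near the target, then scale (cost is linear in iterations)."""
    iterations, elapsed = floor, time_hash(floor)
    while elapsed < target_seconds / 2:
        iterations *= 2
        elapsed = time_hash(iterations)
    return max(floor, int(iterations * target_seconds / elapsed))


def logins_per_minute(iterations, cores=1):
    """Upper bound on logins this host can verify per minute at the chosen cost."""
    return 60.0 * cores / time_hash(iterations)


def hash_password(password, iterations):
    """Store the cost and salt with the hash so the cost can be raised later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    _, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))  # constant-time compare


if __name__ == "__main__":
    n = calibrate(0.5)  # the 0.5 second budget from the post
    print(f"iterations={n}, about {logins_per_minute(n):.0f} logins/min per core")
```

Run the calibration on the production login hardware, not a developer laptop, and repeat it when that hardware changes. With bcrypt the same loop applies to the cost parameter, where each increment doubles the work.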