On Wed, May 6, 2015 at 9:17 PM, Christoph Becker <cmbecke...@gmx.de> wrote:

> Leszek Krupinski:
>
> > While I agree that the statement "bcrypt is better than PBKDF2, thus only
> > bcrypt should be used" is difficult to defend,
>
> Well at least the StackExchange thread[1] pointed out by Nikita supports
> the statement.
>

Partially. It mainly says "bcrypt is no worse than PBKDF2". As Nikita
stated, bcrypt is better in putting more strain on GPU, yet it's worse with
long passwords. Because of that, I wouldn't say which one is generally
better.


> > IMO - docs should describe alternatives, without statements "X is better
> > than Y", but we also should include PBKDF2 as an option for password_hash()
> > - PHP7 is (theoretically, apparently) closed for new features, but we
> > should target the next possible version. I'm not sure if we should opt for
> > changing the default.
>
> As Nikita has pointed out there is no standardized crypt-compatible
> format for PBKDF2, so it seems to be preferable not to add it to
> password_hash().
>

It's true that it's not supported by crypt, but I'll refer to that in a
reply to Nikita's post.


> > Regarding iteration count: (again, IMO) 1024 is a bit low, but 128000 as a
> > default for everyone might be a bit too much.
>
> As I understand it, the iteration count has to be very different for
> bcrypt and PBKDF2 (the latter requiring much more rounds).  Increasing
> the default cost factor of bcrypt from 10 to 11 or 12 seems to be
> reasonable, considering that 10 had been chosen nearly two years ago.
>

+1.

--Leszek
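The two points argued above, that bcrypt's cost factor and PBKDF2's iteration count are not comparable numbers and that bcrypt handles long passwords worse, can be made concrete with a short script. The following is an added example, not code from the thread or from PHP's own implementation: it calibrates a bcrypt cost and a PBKDF2-HMAC-SHA256 iteration count (via PHP's built-in hash_pbkdf2()) to the same wall-clock budget on the machine it runs on, and then shows that password_verify() accepts any password sharing the first 72 bytes of the stored one. The 250 ms budget, the SHA-256 choice for PBKDF2 and the sample passwords are assumptions made for the example.

```php
<?php
// Added example (not part of the original thread). Assumes a 250 ms per-hash
// budget on the login server; adjust TARGET_MS to your own hardware.
declare(strict_types=1);

const TARGET_MS = 250.0;
const SAMPLE_PASSWORD = 'correct horse battery staple'; // constructed sample

/** Wall-clock milliseconds for one password_hash() call at the given bcrypt cost. */
function bcryptMs(int $cost): float
{
    $start = microtime(true);
    password_hash(SAMPLE_PASSWORD, PASSWORD_BCRYPT, ['cost' => $cost]);
    return (microtime(true) - $start) * 1000.0;
}

/** Wall-clock milliseconds for one PBKDF2-HMAC-SHA256 derivation (32-byte output). */
function pbkdf2Ms(int $iterations): float
{
    $salt = random_bytes(16);
    $start = microtime(true);
    hash_pbkdf2('sha256', SAMPLE_PASSWORD, $salt, $iterations, 32, true);
    return (microtime(true) - $start) * 1000.0;
}

/** Smallest bcrypt cost in PHP's allowed range (4..31) that takes at least TARGET_MS. */
function calibrateBcryptCost(float $targetMs = TARGET_MS): int
{
    for ($cost = 4; $cost < 31; $cost++) {
        if (bcryptMs($cost) >= $targetMs) {
            return $cost;
        }
    }
    return 31;
}

/**
 * PBKDF2 iteration count that takes roughly TARGET_MS. PBKDF2 cost is linear
 * in the iteration count, so one probe run is enough to extrapolate.
 */
function calibratePbkdf2Iterations(float $targetMs = TARGET_MS): int
{
    $probe = 10000;
    $ms = max(pbkdf2Ms($probe), 0.001); // guard against a zero reading on fast hosts
    return (int) round($probe * $targetMs / $ms);
}

/**
 * bcrypt only uses the first 72 bytes of the password. Any password that agrees
 * with the stored one on those bytes verifies, which is the "worse with long
 * passwords" point; PBKDF2 has no such limit. (Cost 4 keeps the demo fast.)
 */
function bcryptTruncationDemo(): array
{
    $prefix = str_repeat('a', 72);
    $hash = password_hash($prefix . 'X', PASSWORD_BCRYPT, ['cost' => 4]);
    return [
        'different_byte_73_verifies'   => password_verify($prefix . 'Y', $hash), // true
        'exactly_72_bytes_verifies'    => password_verify($prefix, $hash),       // true
        'different_byte_72_verifies'   => password_verify(substr($prefix, 0, 71) . 'bX', $hash), // false
    ];
}

if (PHP_SAPI === 'cli') {
    printf("bcrypt cost for ~%.0f ms:            %d\n", TARGET_MS, calibrateBcryptCost());
    printf("PBKDF2-SHA256 iterations for ~%.0f ms: %d\n", TARGET_MS, calibratePbkdf2Iterations());
    var_export(bcryptTruncationDemo());
    echo "\n";
}
```

Run with `php calibrate.php`. The two calibrated numbers are what Christoph's remark refers to: a bcrypt cost of 10 to 12 and a PBKDF2 count in the tens or hundreds of thousands land in the same time budget, so a single "iteration count" default cannot serve both. The last array entry shows that a change within the first 72 bytes is still detected; only bytes 73 and beyond are ignored.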
