Hacker News new | past | comments | ask | show | jobs | submit login

PBKDF2 is not for password storage.



PBKDF2 is absolutely for password storage. In fact RFC 2898 specifically notes that use case (for KDFs in general):

> Another approach to password-based cryptography is to construct key derivation techniques that are relatively expensive, thereby increasing the cost of exhaustive search.


Do you have a source for that? It was my understanding that PBKDF2 is 'good enough for now', but not necessarily the most future-proof of techs, given how easily the algorithm is optimised for GFX cards.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: