28
Jun
2011

Can bcrypt’s computational expense be reduced on the server side?

Tags: , ,

(Caution: Amateur security research ahead.  Using it in a live system is not recommendable.) I recently read “How to Safely Store a Password”, an article by Coda Hale. For years I’ve thought that salting and hashing passwords with MD5 or SHA-1 prior to storage was sufficient to thwart password-cracking efforts (in cases where the user-account [...]

Continue reading » 3 Comments