scrypt is tunable; you can make it use as much or as little CPU time as you want... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

cperciva on March 20, 2012 | parent | context | favorite | on: Don't use bcrypt

scrypt is tunable; you can make it use as much or as little CPU time as you want. For any particular amount of CPU time, scrypt will give you more security than bcrypt or PBKDF2 would give you for the same amount of CPU time.

marshray on March 20, 2012 [–]

Perhaps it's more accurate to measure scrypt in terms of cache misses rather than CPU time? This is a different resource on multicore servers with different performance implications (at least if we're down to counting 3 or 4 bits of security).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact