Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999.
Blowfish being a symmetric encryption cipher, not a hashing function.
Agreed on the rest, though. The hashing cost of a long password would not lead to DOS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.
I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:
Blowfish being a symmetric encryption cipher, not a hashing function.
Agreed on the rest, though. The hashing cost of a long password would not lead to DOS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.
Semantics aside it sounds like we are in agreement. Have another upvote. :)
Why does upvoting feel better without a karma system? shrug