by amjo324 3728 days ago
"The rationale was that as technology progressed and password cracking became easier, users could be contacted to update their password."

I would argue that this is a misguided motivation for storing the password entropy. Bcrypt is purposefully designed to combat the problem of more efficient brute-forcing due to future GPU/CPU speed improvements by incorporating a 'work factor'. At any time, application owners can specifically increase the work factor and the hashing process will be intentionally slowed further. In this way, the future reversibility of the password hashes can be reduced without requiring that users update their passwords.
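The work-factor upgrade the comment describes, as an added example (not code from the commenter or from any bcrypt library): the stored hash carries its own cost parameter, so the server can tell which hashes were produced under an older, cheaper setting; because the hash cannot be recomputed without the plaintext, the upgrade is applied transparently at the user's next successful login, with no password change required. To keep the example runnable from the standard library alone it uses PBKDF2-HMAC-SHA256 in place of bcrypt, with the iteration count playing the role of bcrypt's cost; the `UserStore` class, the `$`-separated record format and the low iteration counts are assumptions chosen for the demonstration (real deployments use far higher counts).

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2-sha256"  # stand-in for bcrypt; the iteration count is the work factor


def hash_password(password: str, iterations: int) -> str:
    """Return a self-describing record: algo$iterations$salt$digest.

    Storing the cost alongside the digest is what lets the server later
    recognise hashes computed under an outdated, too-cheap setting.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGO,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def stored_cost(record: str) -> int:
    """Work factor recorded in a stored hash."""
    return int(record.split("$")[1])


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the record's own salt and cost, compare in constant time."""
    algo, iters, salt_b64, digest_b64 = record.split("$")
    if algo != ALGO:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, target_iterations: int) -> bool:
    """True when the stored hash was made with a lower cost than the current policy."""
    return stored_cost(record) < target_iterations


class UserStore:
    """Minimal in-memory user database (constructed for this example)."""

    def __init__(self, target_iterations: int) -> None:
        self.target_iterations = target_iterations  # raise this as hardware gets faster
        self.hashes: dict[str, str] = {}

    def register(self, username: str, password: str) -> None:
        self.hashes[username] = hash_password(password, self.target_iterations)

    def login(self, username: str, password: str) -> bool:
        record = self.hashes.get(username)
        if record is None or not verify_password(password, record):
            return False
        # The plaintext is available only now, so this is the moment to
        # bring a stale hash up to the current work factor. The user keeps
        # the same password; nothing is asked of them.
        if needs_rehash(record, self.target_iterations):
            self.hashes[username] = hash_password(password, self.target_iterations)
        return True


if __name__ == "__main__":
    store = UserStore(target_iterations=1_000)      # deliberately low for speed
    store.register("alice", "correct horse battery staple")
    store.target_iterations = 4_000                  # operator raises the cost
    print("stale before login:", needs_rehash(store.hashes["alice"], 4_000))
    store.login("alice", "correct horse battery staple")
    print("cost after login:", stored_cost(store.hashes["alice"]))
```

A failed login must never trigger the rehash, since the attacker-supplied guess is not the password; the test below checks that a wrong guess leaves the old record untouched and that only a correct login upgrades the cost.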