by amjo324
3731 days ago
Bcrypt has built-in salts to prevent rainbow (i.e. lookup) table attacks. More to the point, modern password cracking doesn't usually involve the use of rainbow tables anyway. GPU speed has improved at such a rate that it's actually more practical to just compute all possible hashes from plaintexts (in a word list) to find a match rather than performing a lookup against a rainbow table that might have to be terabytes in size to be useful. Essentially, if you ever find yourself having to think about manually creating and incorporating salts into your password hashing mechanism, it's a telltale sign that you are using an unsuitable password hashing algorithm to begin with. Instead, you should almost always be using bcrypt, scrypt or PBKDF2 as per current best practice.