|
|
|
|
|
|
by bradleyland
5474 days ago
|
|
|
Let me back up here and try to be less smarmy and more straight with the facts of the matter. The primary reason I think your idea isn't favorable to using bcrypt is because of the weight of experience and research. Dropping bits from your salt might be a perfectly valid crypto protection technique, but when it comes to crypto, I'm inclined to go with research over cleverness. If dropped bits from the salt were a viable means of securing passwords, I'd imagine that someone would have implemented something like this already. It's one of those "oh, that's clever" ideas, but the cleverness trap is a dangerous thing. Just because something is clever doesn't make it good. This is one of the most oft repeated warnings when it comes to crypto: don't build your own, you'll do it wrong. |
|
|