Hacker News new | ask | show | jobs
by jacques_chester 4678 days ago
He's saying that rolling your own with functions designed to run as fast as possible, with or without salt, is not going to give you much security.

What you want is functions that run slowly, thus increasing attack cost.
1 comments
rdtsc 4678 days ago
Moreover, unless you are Schneier or tptacek don't create your own obscure slow function, use a well known one like scrypt.
link
cperciva 4678 days ago
unless you are Schneier or tptacek

ahem...

link
rdtsc 4678 days ago
/cough cough ... or cperciva
link