You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks to PR #49, it can now support various algorithm with different cost factor.
However, just increasing pbkdf2 iteration might not be the best option to secure encrypt logic. The algorithm itself is pretty outdated as it does not have the cost factor for memory, which is significant in modern hardware(it's way easier to brute-force with good hardware, compared to algorithm which has a cost factor for memory).
According to OWASP, argon2 could be the best, but it's still not widely used in web, so scrypt algorithm could be the great alternative for pbkdf2(scrypt is also adopted in BIP38 and geth).
Scrypt is able to push pressure on memory heavily(similar to ethash), make it hard to brute-force attack(especially when parallel).
Best reference to implement this would be BIP38. I think it is the right direction to gradually move on to scrypt rather than increasing iterations in pbkdf2 as time goes.
If it does make sense, I will try to work on it with PR.
The text was updated successfully, but these errors were encountered:
Thanks to PR #49, it can now support various algorithm with different cost factor.
However, just increasing pbkdf2 iteration might not be the best option to secure encrypt logic. The algorithm itself is pretty outdated as it does not have the cost factor for memory, which is significant in modern hardware(it's way easier to brute-force with good hardware, compared to algorithm which has a cost factor for memory).
According to OWASP, argon2 could be the best, but it's still not widely used in web, so scrypt algorithm could be the great alternative for pbkdf2(scrypt is also adopted in BIP38 and geth).
Scrypt is able to push pressure on memory heavily(similar to ethash), make it hard to brute-force attack(especially when parallel).
Best reference to implement this would be BIP38. I think it is the right direction to gradually move on to scrypt rather than increasing iterations in pbkdf2 as time goes.
If it does make sense, I will try to work on it with PR.
The text was updated successfully, but these errors were encountered: