1. 2

    FiveThirtyEight has a pretty interesting post on this also from last fall http://fivethirtyeight.com/features/an-ode-to-kobe-bryant-in-two-charts/

    1. 3

      @codahale Given you wrote this in 2010 and updated it last in 2011, does this still apply in 2014? Are there not newer / better / sexier options available now? Why would you choose or not choose one of those?

      1. 5

        There is an enormous gulf between what came before bcrypt and the latest generation.

        1st gen: hashing (useless)

        2nd gen: hashing and salting (useful, but outdated. Now useless)

        3rd gen: slow hashing. Make the attacker actually do some work.

        I’ll include scrypt in 3rd gen. Maybe gen 3.5. At some point good enough is good enough.

        tptacek at HN has noted that nerds have the unfortunate tendency to invent controversies and always find “the best”. This then distracts from the primary message.