On Fri, Apr 6, 2012 at 8:09 AM, Greg Hudson <ghud...@mit.edu> wrote: > I also want to caution that PBKDF2 does not provide strong protection > against offline dictionary attacks. Most cryptographic methods provide > exponential protection--I do a little bit more work to make you do twice > as much work. PBKDF2 provides only linear protection--I do twice as > much work to make you do twice as much work. It does not make > dictionary attacks "impossible" in the same sense that AES-128 makes > decryption without knowing the key "impossible".
Is it worth looking at scrypt[1] instead of PBKDF2? -- justin 1. http://www.tarsnap.com/scrypt.html
