On 1/3/2012 5:25 PM, Charles Marcus wrote:
I think ya'll are missing the point... not sure, because I'm still not completely sure that this is saying what I think it is saying (that's why I asked)...
I'm sure I'm not missing the point. My comment was that password length and complexity are probably more important than bcrypt versus sha1, and you've already addressed those. Given that you use strong 15-character passwords, pretty much all hash functions are already out of reach for brute force. bcrypt is probably better in the same sense that it's harder to drive a car to Saturn than it is to drive to Mars.
