> Why not? An attacker can, after all, brute-force your password on a
> machine of his choice. Silently decreasing the number of rounds on older
> architectures surprises the user in a way that can lead to password
> compromise ("My password was brute-forced because I used it on a sparc?!
> I would have been fine on amd64? Huh? What happened to 'secure by
> default'?!")> .. and I only use new machines... And that is exactly my point. By your logic let's switch you to a 2^25 round blowfish on you dumbass. you'd be incredibly secure. Show me colin percivals' peer reviewed paper about this new scheme, and where it has been compared to bcrypt. then go read neil's paper on the subject please.
