On Mon, Jul 28, 2014 at 5:24 PM, Pine W <wiki.p...@gmail.com> wrote: > Thank you. Out of curiosity, why bcrypt and not scrypt? There is debate in > the security community about which is better so my comment isn't intended > as criticism. I'm just interested in the thinking behind this decision. >
It is a matter of stability in PHP. Bcrypt has built-in support in PHP, as does PBKDF2, whereas scrypt requires an extension. It should be noted, however, that the patch that was merged implements an extensible password API, so it would be trivial to implement scrypt support if we wanted to. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
