Sorry for flooding the group with messages, but I tried to post a topic twice yesterday and it got lost, so I changed the account to see if there might be a problem with it.
However, here’s my post:
I have been reading a great article about "Storing User Passwords Securely: hashing, salting, and Bcrypt" in which the author says that using bcrypt as the main password hashing method is safer than, for example, using SHA-based password hashing methods since it is slower, making it harder (or more time-consuming) to perform hardware-based attacks on the database.
The author points out that this is due to the repeating nature of the bcrypt function. I have taken a look at the WAMP-CRA authentication methods and it seems like this is using a self-implemented variant of PBKDF hashing.
My question is, how safe is this compared to the bcrypt-version? Would switching to bcrypt improve security against attacks?
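
The iterated construction the post refers to, as an added example that is not part of the original post: PBKDF2-HMAC-SHA256 written out by hand, checked against Python's `hashlib`, with a count of HMAC calls an attacker must pay per password guess. The password, salt and iteration counts are constructed sample values, not WAMP-CRA's actual parameters, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """Hand-written PBKDF2-HMAC-SHA256. Returns (derived_key, hmac_calls)."""
    hlen = hashlib.sha256().digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    hmac_calls = 0
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = HMAC(password, salt || INT_32_BE(i))
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha256).digest()
        hmac_calls += 1
        t = int.from_bytes(u, "big")
        # U_j = HMAC(password, U_{j-1}); each output block is the XOR of all U_j.
        # This chain is the "repeating" part: it cannot be skipped or parallelised
        # within a single guess.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            hmac_calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen], hmac_calls

def guess_cost(iterations: int, dklen: int = 32) -> int:
    """HMAC calls needed to test one candidate password."""
    _, calls = pbkdf2_sha256(b"candidate", b"constructed-salt", iterations, dklen)
    return calls

if __name__ == "__main__":
    pw, salt = b"constructed-secret", b"constructed-salt"  # constructed samples
    for n in (1, 1000, 10000):
        key, calls = pbkdf2_sha256(pw, salt, n)
        ok = key == hashlib.pbkdf2_hmac("sha256", pw, salt, n, 32)
        print(f"iterations={n:>6} hmac_calls={calls:>6} matches_hashlib={ok}")
```

The per-guess cost grows linearly with the iteration count, which is the same tunable-slowness property bcrypt exposes through its cost factor.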