On Mon, Jul 28, 2014 at 5:24 PM, Pine W wiki.pine@gmail.com wrote:
Thank you. Out of curiosity, why bcrypt and not scrypt? There is debate in the security community about which is better so my comment isn't intended as criticism. I'm just interested in the thinking behind this decision.
It is a matter of stability in PHP. Bcrypt has built-in support in PHP, as does PBKDF2, whereas scrypt requires an extension. It should be noted, however, that the patch that was merged implements an extensible password API, so it would be trivial to implement scrypt support if we wanted to.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science