On Mon, Jul 28, 2014 at 5:24 PM, Pine W <wiki.pine(a)gmail.com> wrote:
Thank you. Out of curiosity, why bcrypt and not
scrypt? There is debate in
the security community about which is better so my comment isn't intended
as criticism. I'm just interested in the thinking behind this decision.
It is a matter of stability in PHP. Bcrypt has built-in support in PHP, as
does PBKDF2, whereas scrypt requires an extension. It should be noted,
however, that the patch that was merged implements an extensible password
API, so it would be trivial to implement scrypt support if we wanted to.
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science