angular-fullstack / generator-angular-fullstack

Yeoman generator for an Angular app with an Express server
https://awk34.gitbook.io/generator-angular-fullstack
6.12k stars 1.24k forks

Add support for Scrypt instead of PBKDF2 #2136

Open Awk34 opened 8 years ago

Awk34 commented 8 years ago

https://github.com/barrysteyn/node-scrypt

Koslun commented 8 years ago

More secure? More performant? More features?

Combination of above or something else?

Awk34 commented 8 years ago

More secure, really. Less performant, thus more secure. Should be fast but takes more resources to make breaking it harder. Also, it's been out since 2008, so it's not new enough to not trust.

Koslun commented 8 years ago

Sounds good.

macneib commented 8 years ago

why not bcrypt?

https://github.com/ncb000gt/node.bcrypt.js

Koslun commented 8 years ago

Seems like scrypt is kind of an evolution of bcrypt that can scale to future hardware better and, at least for certain configurations, may achieve better ratios between the time to generate passwords and the effort for an attacker to crack them. This post explains all three in question and specifically mentions that if you constrain scrypt to milliseconds it becomes functionally weaker than bcrypt: http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage

A lot of upvotes, but I would probably like to verify at least at what point bcrypt would be faster.

The FAQ on node-scrypt also claims it is more secure:

I will end this section with a quote from Colin Percival (author of scrypt):

We estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.

Also found comments here that seem to further support the general claim: https://news.ycombinator.com/item?id=2004962. Though I still imagine that if you reduce the time spent to X milliseconds the difference might not be as great and could possibly fall back into bcrypt's favour, as the previous Stack Exchange answer claimed.

davorb commented 8 years ago

Pretty good summary.

Koslun commented 8 years ago

@davorb So reading that and a linked blog post, I understand it as scrypt being more secure at settings of the recommended 16+ MB. And as @Awk34 stated, since it's been out since 2008 it's not too new anymore.