Bcrypt is slower than md5 Encryption By times. Does it mean that Bcrypt is a weakness? After all, the md5 of the salt is still not easy to crack. Bcrypt is slower than md5 Encryption By times. Does it mean that Bcrypt is a weakness?
After all, the md5 of the salt is still not easy to crack.
Reply content:
Bcrypt is slower than md5 Encryption By times. Does it mean that Bcrypt is a weakness?
After all, the md5 of the salt is still not easy to crack.
First, I don't know what the landlord saidBcrypt is tens of thousands of times slower than md5 Encryption
How does it come from.
Running 1000 times on my Macbook is about 100,000 times
My point is: Since encryption, isn't the goal of security the heaviest? Although we will encounter a balance between security and speed, I will still prefer to choose security. Otherwise, what do the people who come up with Bcrypt think about? Just a matter of speed, let's talk about Bcrypt, I think this is inappropriate.
Md5 salt value I do not advocate use: details of my article: http://segmentfault.com/a/1190000003024932
Depends on your specific use scenario.
Md5 encryption is fast. When the password only has a combination of lower-case letters and numbers, a good PC can cite all the passwords within 40 s.
Although Bcrypt is slow, it is not slow in verifying user passwords.
Bcrypt uses a series of different Blowfish encryption algorithms and introduces a work factor, which allows you to determine the cost of this algorithm. Because of this, the algorithm will not be faster because of the computer's CPU processing speed, which will shorten the algorithm time. Because you can increase the work factor to lower the performance.
How slow is bcrypt? If we compare it with MD5, if we use a work factor of 12, if we encrypt "cool", bcrypt takes 0.3 seconds, MD5 takes only one microsecond (one second per million ). That is to say, it takes only 40 seconds to complete all possible MD5-encoded password algorithms. It takes 12 years to use bcrypt.