I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999.
Blowfish being a symmetric encryption cipher, not a hashing function.
Agreed on the rest, though. The hashing cost of a long password would not lead to DOS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.
I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:
Blowfish being a symmetric encryption cipher, not a hashing function.
Agreed on the rest, though. The hashing cost of a long password would not lead to DOS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.
Semantics aside it sounds like we are in agreement. Have another upvote. :)
Why does upvoting feel better without a karma system? shrug