• andrew@lemmy.stuart.fun
    1 year ago

    I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:

    bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999.

    Blowfish being a symmetric encryption cipher, not a hashing function.

    Agreed on the rest, though. The hashing cost of a long password would not lead to DoS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.

    • confusedbytheBasics@lemmy.world
      1 year ago

      Semantics aside, it sounds like we are in agreement. Have another upvote. :)

      Why does upvoting feel better without a karma system? shrug