

Ask HN: SCRYPT or BCRYPT? - Ixiaus

I've known about Colin Percival's scrypt library for a while now but I don't have the cryptographic background to validate his research/implementation. Is there anyone with such a background or a reference to someone that's written up a validation of Colin's work?<p>Should I even bother? I gather from Colin's writings that he wrote scrypt to replace bcrypt and that it is, from him, stronger.
======
hrasm
This page [http://programmers.stackexchange.com/questions/46716/what-
sh...](http://programmers.stackexchange.com/questions/46716/what-should-a-
developer-know-before-building-a-public-web-site) suggests that both bcrypt
and scrypt can be used (4th bullet under 'Security'). Disclosure: I added the
scrypt part alongwith the references which the mods haven't deleted yet (so I
am guessing it is ok).

I just went with bcrypt in my project for now because postgresql has it as a
built-in function. I couldn't find for scrypt that was readily usable.

Here is a good argument on why scrypt is better:
[http://it.slashdot.org/comments.pl?sid=1987632&cid=35149...](http://it.slashdot.org/comments.pl?sid=1987632&cid=35149842)
(the second ref link for bcrypt on the above stackexchange page)

