What can you tell us about the actual peer review process that you think was involved with PBKDF2?
(Me just saying it won't be nearly as impactful, because apparently I'm in the tank for bcrypt).
Don't know? This will make a worthwhile 30 minute Googling project. That's what I do when I get in over my head, and I promise, learning about adaptive hashing is going to be more useful than reading court decisions about what does or doesn't constitute a breach of the duty of loyalty for a company director (to cite my last Google dive from HN).
You seem to have the mistaken opinion I'm arguing for a particular outcome. My point is simple: you can't say RSA is crap because an admin failed. I'm not saying anything else. If you are reading something else into my statement, stop it. If you have information that is relevant to why you shouldn't trust the ciphers from RSA, dish it up. Like I said, I'd love to read it.
It is possible to point out a logical phalacy while having no beliefs (or, in fact, deep knowledge [or, perhaps, religion?]) regarding what the phalacy pertains to.
No, I'm asking you to take a subject you're obviously engaged in and spend a couple minutes researching it before you write your next comment about it. Not to be a jerk, but because (a) the whole thread would benefit and (b) I can vouch, for you, that this is worth your time as a software developer to do.
So: up for it? Is a couple minutes of Google time and the direct attention from several software security experts to learn lots and lots about key derivation functions and password hashes worth it to you?
(Me just saying it won't be nearly as impactful, because apparently I'm in the tank for bcrypt).
Don't know? This will make a worthwhile 30 minute Googling project. That's what I do when I get in over my head, and I promise, learning about adaptive hashing is going to be more useful than reading court decisions about what does or doesn't constitute a breach of the duty of loyalty for a company director (to cite my last Google dive from HN).