With scrypt in addition to increasing computation you can increase the amount of memory needed to compute the hash. This doesn't bother software implementations much but is much harder to implement with hardware - which is what a dedicated attacker is likely to develop and use.
bcrypt (and PBKDF2) use constant, and small, amounts of memory.
发布评论
评论(1)
使用 scrypt 除了增加计算量之外,您还可以增加计算哈希所需的内存量。 这不会对软件实现造成太大影响,但用硬件实现要困难得多——这是专门的攻击者可能开发和使用的。
bcrypt(和 PBKDF2)使用恒定且少量的内存。
With scrypt in addition to increasing computation you can increase the amount of memory needed to compute the hash. This doesn't bother software implementations much but is much harder to implement with hardware - which is what a dedicated attacker is likely to develop and use.
bcrypt (and PBKDF2) use constant, and small, amounts of memory.