Does someone know flask-bcrypt vs werkzeug.security?
tim-hub opened this issue · comments
former uses PBKDF while latter uses bcrypt
now "Why bcrypt is somewhat better than PBKDF2, Why bcrypt is not optimally secure, What NIST recommends" from Sep'2010
plus "SHA-256, in particular, benefits a lot from being implemented on a GPU. Thus, if you use SHA-256-crypt, attackers will be more at an advantage than if you use bcrypt, which is hard to implement efficiently in a GPU. ... Though SHA-256-crypt is not PBKDF2, it is similar enough in its performance behaviour on GPU, so the same conclusions apply." from Aug'2016
In other words, unless you serve US govt servants and hence must use FIPS / NIST rules, stick to bcrypt for the time being.
Duplicate of #
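When comparing the two schemes on an existing user table, the stored string itself shows which one produced it and at what work factor. The following is an added example, not code from this thread or from either library: it classifies PBKDF2 strings in the `pbkdf2:<digest>:<iterations>$<salt>$<hex>` layout that `werkzeug.security` writes and bcrypt strings in `$2b$<cost>$...` form, and re-verifies the PBKDF2 ones with the standard library alone. The function names, the policy floors and the sample records are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Assumed policy floors for this example; tune them to your own baseline.
MIN_PBKDF2_ITERATIONS = 600_000
MIN_BCRYPT_COST = 12

# bcrypt: version, two-digit cost, then 22 salt + 31 digest characters.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
PBKDF2_RE = re.compile(r"^pbkdf2:(sha1|sha256|sha512):(\d+)\$([^$]+)\$([0-9a-f]+)$")


def classify(stored):
    """Return (scheme, work_factor, meets_policy) for a stored hash string."""
    m = BCRYPT_RE.match(stored)
    if m:
        cost = int(m.group(1))  # bcrypt performs 2**cost key-setup rounds
        return ("bcrypt", cost, cost >= MIN_BCRYPT_COST)
    m = PBKDF2_RE.match(stored)
    if m:
        iters = int(m.group(2))
        return ("pbkdf2-" + m.group(1), iters, iters >= MIN_PBKDF2_ITERATIONS)
    return ("unknown", None, False)  # e.g. a bare unsalted digest


def pbkdf2_string(password, salt, iterations, digest="sha256"):
    """Build a PBKDF2 string in the layout above using hashlib only."""
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(), iterations)
    return f"pbkdf2:{digest}:{iterations}${salt}${dk.hex()}"


def verify_pbkdf2(stored, password):
    """Recompute from the parsed parameters and compare in constant time."""
    m = PBKDF2_RE.match(stored)
    if not m:
        return False
    digest, iters, salt, _ = m.groups()
    return hmac.compare_digest(pbkdf2_string(password, salt, int(iters), digest), stored)


# Constructed sample records, not taken from any real system.
SAMPLES = [
    pbkdf2_string("correct horse", "c2FsdHNhbHQ", 1_000),    # below the floor
    pbkdf2_string("correct horse", "c2FsdHNhbHQ", 600_000),  # at the floor
    "$2b$12$" + "A" * 53,  # bcrypt-shaped placeholder, not a real digest
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), s[:32])
```

Records that fall below the floor can be rehashed with stronger parameters at the user's next successful login, since the plaintext is only available at that moment.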