
> So skimping on security is always a terrible idea. If you know of a way to increase security, then you should increase it.

This is what all of the "security" vendors would like you to believe. It completely ignores the value of the assets you are securing.

How many rounds do you use with PBKDF2 if you want to slow down attackers? You can always add more rounds to slow down brute forcing, so how would you reconcile this with your statement of always increasing security? The same applies to bcrypt.
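Added example, not part of the comment above: a Python sketch of the trade-off the PBKDF2 question points at, where the round count is derived from a login latency budget and the same count sets the attacker's cost per guess. The function names, the budgets, the guess count and the 1000x attacker speed-up are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time


def measure_rate(probe_iters=20_000):
    """PBKDF2-HMAC-SHA256 iterations per second on this machine (single probe)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe-password", salt, probe_iters)
    return probe_iters / (time.perf_counter() - start)


def rounds_for_budget(rate, budget_s, floor=1):
    """Largest round count whose cost per login fits the latency budget."""
    return max(floor, int(rate * budget_s))


def attacker_seconds(rounds, guesses, attacker_rate):
    """Seconds to test `guesses` candidates at attacker_rate iterations/second."""
    return guesses * rounds / attacker_rate


def hash_password(password, rounds):
    """Return (rounds, salt, derived key); rounds is stored so it can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return rounds, salt, dk


def verify_password(password, record):
    rounds, salt, dk = record
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(cand, dk)  # constant-time comparison


if __name__ == "__main__":
    rate = measure_rate()
    # Assumed figures: 10**9 candidate passwords, attacker hardware 1000x faster.
    for budget in (0.01, 0.1, 1.0):
        rounds = rounds_for_budget(rate, budget)
        days = attacker_seconds(rounds, 10**9, rate * 1000) / 86400
        print(f"budget {budget:>5}s -> {rounds:>9} rounds, attacker ~{days:.1f} days")
```

Both costs grow linearly with the round count, so the budget the defender accepts per login is what bounds the number.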


