[fpc-pascal] is scrypt available?

Jonas Maebe jonas.maebe at elis.ugent.be
Fri Oct 30 17:06:22 CET 2015

Frederic Da Vitoria wrote on Fri, 30 Oct 2015:

> 2015-10-30 16:39 GMT+01:00 Jonas Maebe <jonas.maebe at elis.ugent.be>:
>> Never ever use CRC32 in a crypto context, it's completely unsuited and
>> easily cracked. The subject of this thread is already about finding an
>> implementation for scrypt, which is a (at this time considered) secure
>> hashing algorithm.
> My point is precisely that in this situation, there would be nothing to
> crypt. Just check validity.

Yes, that's what *secure* hash functions are for. CRC32 is not secure  
in any way. scrypt and bcrypt are secure.

> So use CRC64 if you want (the size difference
> won't probably be relevant by current standards), but don't store the
> actual password. What isn't there can't be cracked, not even with future
> technology :-)

It can already be cracked very quickly with yesterday's technology,  
using so-called rainbow tables. Or even just by quickly creating a  
hash collision, see e.g.  
http://www.irongeek.com/i.php?page=videos/weak-hashing-algorithms-outlook-pst-file-crc32-password-cracking-example or  


More information about the fpc-pascal mailing list