path: root/doc/manual/passhash.rst
Diffstat (limited to 'doc/manual/passhash.rst')
-rw-r--r-- doc/manual/passhash.rst 13
1 files changed, 11 insertions, 2 deletions
diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst
index 417e58265..b3db1f3e7 100644
--- a/doc/manual/passhash.rst
+++ b/doc/manual/passhash.rst
@@ -75,8 +75,13 @@ Bcrypt Password Hashing
:wikipedia:`Bcrypt` is a password hashing scheme originally designed
for use in OpenBSD, but numerous other implementations exist.
-It is made available by including ``bcrypt.h``. Bcrypt provides
-outputs that look like this::
+It is made available by including ``bcrypt.h``.
+
+It has the advantage that it requires a small amount (4K) of fast RAM
+to compute, which can make hardware password cracking somewhat more
+expensive.
+
+Bcrypt provides outputs that look like this::
"$2a$12$7KIYdyv8Bp32WAvc.7YvI.wvRlyVn0HP/EhPmmOyMQA4YKxINO0p2"
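Review bot: The new paragraph calls the 4K RAM requirement an "advantage" without saying compared to what, and "(4K)" carries no unit. Suggest writing "4 KB" (or "4 KiB") and naming the comparison, for example hashes that need almost no memory per guess, so the reader can tell why this raises the cost of cracking hardware. "Somewhat more expensive" is also vague on its own; a short clause noting that the work factor is the main cost control and the memory use is a secondary benefit would keep readers from over-weighting this property.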
@@ -104,6 +109,10 @@ Botan also provides a password hashing technique called passhash9, in
"$9$AAAKxwMGNPSdPkOKJS07Xutm3+1Cr3ytmbnkjO6LjHzCMcMQXvcT"
+This function should be secure with the proper parameters, and will remain in
+the library for the forseeable future, but it is specific to Botan rather than
+being a widely used password hash. Prefer bcrypt.
+
.. cpp:function:: std::string generate_passhash9(const std::string& password, \
RandomNumberGenerator& rng, u16bit work_factor = 10, byte alg_id = 1)
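Review bot: "forseeable" in the added paragraph is misspelled; it should be "foreseeable". The phrase "secure with the proper parameters" also leaves the reader guessing, since the signature directly below defaults to work_factor = 10 and alg_id = 1 and the text does not say whether those defaults count as proper. Suggest stating a recommended minimum or confirming the defaults, and turning "Prefer bcrypt." into a cross-reference to the Bcrypt Password Hashing section so the recommendation is actionable from this point in the manual.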