bcrypt - is there a bcrypt lib that can be used with Pythonista?
-
@omz, I installed. I ran the exact same script as you.
First time ever run, 17.1012
2nd time, 17.1633
3rd time, 17.1605
iPad Pro, 128gb iOS 9.2.1
-
@SimCityWok, would be nice to see what your PC reports with the same script, and also your PC spec.
-
@omz, ok I also tried it in Pythonista 3. Yes, the numbers are not great, but I am sure that's because of debugging symbols or whatever they are called now.
But the good news is stash worked flawlessly and so did Pythonista.
import timeit
result = timeit.timeit("pyscrypt.hash(password= b'foobar', salt= b'seasalt', N=1024, r=1, p=1, dkLen=32)", setup="import pyscrypt", number=100)
print(result)
-
@Phuket2 Unfortunately, Python 3 is usually a bit slower than Python 2. The difference in this case seems to be quite extreme though – maybe it's something about the algorithm, or the pyscrypt code is perhaps better optimized for Python 2 – I don't know... But the results are also much worse on my MacBook with Python 3 – it takes almost twice as long, and that's running the official Python 3.5.1, so I don't really think this is because of debug symbols in Pythonista or anything like that.
-
@omz, ok. It was close to 3 times slower for me. In their Python 3 example they have dkLen=256 instead of 32. I tried that also. Close to the same.
-
@omz. Look, I don't know how much is really being done in your test case compared to what @SimCityWok is doing where he says it takes mins on his PC. But your test is executing 100 times. 1 unit is still well under a second. I am not sure how much extra work he is doing. But something does not sound right.
-
Okay, so I am not new to cryptography, but why would a hashing algorithm be insecure? Isn't it just an algorithm that changes text into a text that is always the same thing when hashed?
I don't understand how a random piece of text can be insecure if there is no way to decrypt it other than just running through all possible pieces of text, hashing them, and seeing if they match. It just doesn't make sense to me. Maybe somebody could enlighten me?
-
@AtomBombed, for me it was about it being reliable and robust. For example, if it's not widely used, it could have a weird bug that under certain conditions corrupts the hash, or maybe it's not strong enough, etc.
But because I don't know how it works, these questions are important for me. Even studying the code would not help me. I am sure I would struggle to get my head around it. 😱
-
@AtomBombed I'm not an expert, but from my understanding, it's mostly about how fast the hashing algorithm is – the slower, the better. If you get your hands on a database of usernames and hashed passwords, a weak (i.e. fast) hash (like MD5) makes it a lot easier to translate a large number of these hashes back to the original passwords, simply by trying all words in a very long list. You can compute millions of MD5 hashes in seconds. But if it takes a modern computer minutes to check just a couple hundred words or so, a brute-force attack is much less feasible.
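The cost-per-guess argument above, measured as an added example that is not part of the original thread. It uses the standard library's `hashlib.scrypt` instead of pyscrypt, with the thread's benchmark parameters; `STRONGER_PARAMS` and the helper names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Parameters from the thread's benchmark (N=1024, r=1, p=1, dkLen=32).
THREAD_PARAMS = dict(n=1024, r=1, p=1, dklen=32)
# A costlier setting picked for this example (assumption, not from the thread).
STRONGER_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)
MAXMEM = 64 * 2**20  # allow up to 64 MiB so the stronger setting fits


def hash_password(password, params):
    """Return (salt, key); a fresh random salt is drawn for every password."""
    salt = os.urandom(16)
    return salt, hashlib.scrypt(password, salt=salt, maxmem=MAXMEM, **params)


def verify_password(password, salt, expected, params):
    """Recompute the key and compare it in constant time."""
    candidate = hashlib.scrypt(password, salt=salt, maxmem=MAXMEM, **params)
    return hmac.compare_digest(candidate, expected)


def seconds_per_guess(fn, repeats):
    """Average wall-clock cost of one hash computation."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn()
    return (time.perf_counter() - start) / repeats


def compare_costs():
    """Cost of a single guess for MD5 and for scrypt at both settings."""
    pw, salt = b"foobar", b"seasalt"  # same sample inputs as the thread's script
    return {
        "md5": seconds_per_guess(lambda: hashlib.md5(salt + pw).digest(), 20000),
        "scrypt_thread": seconds_per_guess(
            lambda: hashlib.scrypt(pw, salt=salt, maxmem=MAXMEM, **THREAD_PARAMS), 50),
        "scrypt_stronger": seconds_per_guess(
            lambda: hashlib.scrypt(pw, salt=salt, maxmem=MAXMEM, **STRONGER_PARAMS), 3),
    }


if __name__ == "__main__":
    costs = compare_costs()
    for name, cost in costs.items():
        print(f"{name:16s} {cost * 1e6:12.1f} microseconds per guess")
    print(f"scrypt_stronger vs md5: {costs['scrypt_stronger'] / costs['md5']:.0f}x")
```

The ratio printed on the last line is the factor by which every entry in a guessing wordlist becomes more expensive to test against a stolen hash, while a legitimate login pays that cost only once.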
-
@omz ah, that makes much more sense now. Thanks!
-
@omz said:
@AtomBombed I'm not an expert, but from my understanding, it's mostly about how fast the hashing algorithm is – the slower, the better.
This is exactly why scrypt is so slow. It's designed to be RAM intensive to slow ASICs. The context in which I'm familiar with using scrypt is crypto-currency, namely Litecoin, and Bitcoin's password-protected private keys (aka BIP39).
-
@AtomBombed said:
Okay, so I am not new to cryptography, but why would a hashing algorithm be insecure? Isn't it just an algorithm that changes text into a text that is always the same thing when hashed?
I don't understand how a random piece of text can be insecure if there is no way to decrypt it other than just running through all possible pieces of text, hashing them, and seeing if they match. It just doesn't make sense to me. Maybe somebody could enlighten me?
Basically, there can be shortcuts, like the NSA's backdoor in the NIST curve.
AFAIK, bcrypt is old-school and has stood the test of time. Scrypt, not so much.
-
@SimCityWok oh. Okay.