What's the advantage of scrypt over bcrypt?


Security Problem Overview

I'm looking at ways to securely store passwords. Some people claim that scrypt is "better" than bcrypt, and so far I've seen nobody who claims vice versa or that scrypt is insecure, though some call bcrypt "more reputable".

What's the advantage of scrypt over bcrypt? According to the scrypt website, "the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt". If that's the only advantage then can't I just use bcrypt with a larger number of rounds?

Security Solutions

Solution 1 - Security

With scrypt, in addition to increasing computation, you can increase the amount of memory needed to compute the hash. This doesn't bother software implementations much but is much harder to implement with hardware - which is what a dedicated attacker is likely to develop and use.

bcrypt (and PBKDF2) use constant, and small, amounts of memory.


All content for this solution is sourced from the original question on Stackoverflow.
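
The memory parameter described in the answer, shown with Python's standard-library `hashlib.scrypt`. This is an added example, not part of the original question or answer; the function names, the 2x `maxmem` margin, the 2 MiB budget and the sample salt and password are assumptions made here.

```python
import hashlib
import hmac
import os

def scrypt_memory_bytes(n: int, r: int = 8) -> int:
    """Size of scrypt's working array V: 128 * N * r bytes."""
    return 128 * n * r

def hash_password(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1) -> bytes:
    # maxmem is OpenSSL's safety cap; twice V is an assumed margin that
    # covers V plus the small extra buffers scrypt allocates.
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=2 * scrypt_memory_bytes(n, r), dklen=32)

def verify_password(password: bytes, salt: bytes, n: int, expected: bytes) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt, n), expected)

def computable_within(budget_bytes: int, n: int, r: int = 8, p: int = 1) -> bool:
    """True if one scrypt evaluation with these parameters fits in budget_bytes."""
    try:
        hashlib.scrypt(b"probe", salt=b"constructed-salt", n=n, r=r, p=p,
                       maxmem=budget_bytes, dklen=32)
        return True
    except ValueError:  # raised when the parameters exceed maxmem
        return False

if __name__ == "__main__":
    salt = os.urandom(16)
    stored = hash_password(b"constructed sample password", salt, n=2**14)
    print("verify ok:", verify_password(b"constructed sample password", salt, 2**14, stored))
    budget = 2 * 1024 * 1024  # a compute unit with 2 MiB of memory per hash
    for log_n in (10, 12, 14):
        n = 2**log_n
        print(f"N=2^{log_n}: needs ~{scrypt_memory_bytes(n) // 1024} KiB,",
              "fits in 2 MiB:", computable_within(budget, n))
```

Raising N multiplies both the time and the memory of every guess, whereas a higher bcrypt cost or PBKDF2 iteration count raises time only.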

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | Hongli | View Question on Stackoverflow
Solution 1 - Security | orip | View Answer on Stackoverflow