Hacker News new | past | comments | ask | show | jobs | submit login

PeaZip also uses a PBKDF (PBKDF2). No longer the latest and greatest, but fine.



I guess I agree with calling PBKDF2 fine, but it may be good to know the caveats:

- Just because it says it uses PBKDF2 doesn't mean it is strong. The strength fully depends on the number of rounds it uses, and especially in legacy (>10 years old) software I see it a lot that some amount of rounds are hardcoded which can now be computed in a few milliseconds on a CPU

- PBKDF2 gives the attacker a ~1000x speedup. If your CPU spends 2 seconds on computing the hash every time, an attacker with a run-of-the-mill GPU spends 2 milliseconds per guess (500 guesses per second). Using something like Bcrypt or Argon2, that speedup gets to iirc "only" 12x (so if you spend 2 seconds, the attacker spends ~170 milliseconds or 6 guesses per second). Iirc this speedup is due to GPU RAM being faster than the main RAM. So while PBKDF2 isn't great, it's also not like it's broken: this has been a known property since forever and it's still orders of magnitude better than a plain hash




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: