This is the follow up on the previous article: modern password hashing. In case you didn’t read it, bcrypt is slow hashing algorithm which is not vulnerable to rainbow table as it has built-in salt. Also, as it can be slowed down as much as you want, it can’t be broken even if computers get faster.

Recently, I realized that bcrypt is designed so that it’s difficult to attack it even with GPU. Also, there’s scrypt which has more ram requirement than bcrypt, effectively making it much more difficult to attack with hardware(say, gpu). Scrypt is used by chromium according to the design doc.