
I honestly wouldn't ask if I thought that bcrypt could be cracked by knowing the number of iterations.

Now there may be other bcrypt attacks out there, but none have been announced, and the usage of bcrypt was announced in the text of the post.

Furthermore, if you have the hash, you have the number of rounds. I just have no desire to see if I can download the data (I don't trust random sites, and frankly I don't want the data).

Security by obscurity is not worth the price you pay for it.



> Security by obscurity is not worth the price you pay for it.

That's why I was posting this. Many people think that because of Kerckhoffs's principle you should always disclose everything. But obscurity is not always a bad thing and it can be part of the obfuscation here. Although here it was indeed a good thing since admins are gonna up the cost of their KDF following advice from the community.
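Added example, not part of either comment above: the first comment's point that the hash itself carries the round count, and the reply's point about raising the KDF cost, shown as a small audit that reads the cost out of stored bcrypt hashes and flags those below a target. The target cost of 12, the function names and the sample hashes are assumptions constructed for illustration.

```python
import re
from collections import Counter

# bcrypt modular crypt format: $<version>$<cost>$<22-char salt><31-char digest>
_BCRYPT = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def bcrypt_cost(stored):
    """Return the cost (log2 of the iteration count) embedded in a bcrypt hash."""
    m = _BCRYPT.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # range bcrypt accepts
        raise ValueError("bcrypt cost out of range")
    return cost


def needs_rehash(stored, target_cost):
    """True if the hash should be recomputed at the user's next successful login."""
    try:
        return bcrypt_cost(stored) < target_cost
    except ValueError:
        return True  # unknown or malformed format: migrate it as well


def cost_histogram(hashes):
    """Count stored hashes per cost; the None key collects non-bcrypt entries."""
    counts = Counter()
    for h in hashes:
        try:
            counts[bcrypt_cost(h)] += 1
        except ValueError:
            counts[None] += 1
    return dict(counts)


# Constructed sample values: salt and digest are filler, not real bcrypt output.
_FILLER = "A" * 22 + "B" * 31
SAMPLE = ["$2a$05$" + _FILLER, "$2b$10$" + _FILLER, "$2b$12$" + _FILLER, "0" * 32]

if __name__ == "__main__":
    TARGET = 12  # assumed policy value, not taken from the thread
    print(cost_histogram(SAMPLE))
    for h in SAMPLE:
        print(h[:7], "rehash" if needs_rehash(h, TARGET) else "ok")
```

Because the cost is stored per hash, a site can raise the target and upgrade each account as its owner logs in, without a forced reset.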



