Storing password securely - hashes, salts and bit stretching put into context (zoller.lu)
53 points by SanderMak on June 10, 2012 | 10 comments


That table in Colin's paper is so great. Here's a direct link to just the table:

http://yfrog.com/j248cp


Microsoft Active Directory servers store passwords as plain MD4 hashes and have done so for more than a decade and will likely continue to do so for another decade. http://16s.us/ms_ad_hashes/


bcrypt was introduced at USENIX in 1999, though the source was committed in 1997. Not 2002. The article links to some random utility called bcrypt that is completely unrelated to the bcrypt password hashing function.


When I think of bcrypt, I think of OpenBSD Blowfish hashes. I hate cracking those damn things. ;)


Thanks, I updated the post.


For the love of God, please switch off "mobile enhanced" versions of your blog. You can't pan around to view the tables because that switches to another article, complete with sparkly transition.



nice summary. it is missing sha-crypt though.


Is sha-crypt different in a meaningful way from md5-crypt except spelled a little differently?


ehm. yes.

(to say something substantial: see http://www.akkadia.org/drepper/SHA-crypt.txt)



