Folks, for most implementations here there are basically 2 issues to consider (if we rule out man-in-the-middle attacks):
(1) If your attack is from inside (i.e., someone has your database), you still need a salt. Don't let the rhetoric fool you. Even bcrypt uses a salt, although I have seen diagrams of its operation that never mention that little fact. The only real difference is that the salt and the encrypted password are stored, concatenated, in one database field.
(2) If you are ONLY concerned with attack from outside (i.e., an automated dictionary attack against your password field), then you get just as much functionality -- in some ways more -- by introducing a small server-side delay, and using your old hashing scheme... SHA or whatever. You actually have an advantage here because unlike bcrypt, you never have to increase some "work factor"... you just keep using the same delay value. And note that a password hashed with bcrypt at one work factor is not compatible with bcrypt running at a different work factor. They would have to be converted. (There's a "version" field in the encrypted password that is supposed to alleviate this problem somehow, but I am not sure how because that number does not seem to be related to the "work factor" at all. Work factors are user-adjustable. Version numbers are not.)
Further, I would like to add that I am not convinced that this "work factor" is cryptographically sound. What it does is cause the key setup stage to be implemented 2^N times, where N is your work factor. However, Blowfish was designed such that an ideal number of rounds was built into the key setup, in order to achieve full coverage of the key bits with the S-boxes. It is not only possible but maybe even likely that increasing the rounds beyond that number adds nothing cryptographically. In fact there is a good likelihood that it reduces the cryptographic strength of Blowfish.
For a very simplistic example: "encrypting" a message with Rot-13 might keep your kid sister from reading it easily. But encrypt it beyond the ideal number of times -- do it twice for example -- and the message is readable again! You can say "big deal, this isn't Rot-13", but the same idea applies... or at least could apply. Until I see a mathematically rigorous proof that extra key setup rounds do not regress the cryptographic strength, I will remain unconvinced. I read the Niels Provos and David Mazieres paper (I have it right here), and they do not even remotely show that cryptographic strength is any better with more rounds (or, for that matter, that it is not worse). They merely state that they "hope" that is the case. (Quote: "We hope that the unpredictable and changing content of the P-array and S-Boxes will reduce the applicability of yet unknown optimizations.")
Not very encouraging for something dealing with cryptography!
Sure... it will take more time with a higher work factor. But until the method is proven (and it's not), you run the risk of weakening the strength of your encryption.
Cryptography is a complex subject. You can't just willy-nilly toss something together like this and say you "hope" it works (as Niels Provos and David Mazieres did), and call it good. And anybody who places their trust in it without better analyses deserves what they get if it comes crashing down later.
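The single-field layout discussed in the comment above (version, work factor, salt and digest concatenated in one string) can be inspected directly. This is an added example, not part of the original comment or of any bcrypt library: the names `parse_bcrypt`, `needs_rehash` and `BcryptFields` are hypothetical, and `SAMPLE` is an illustrative string that is only parsed, never verified against a password.

```python
import base64
import re
from dataclasses import dataclass

# bcrypt has its own base64 alphabet; map it onto the standard one to decode.
_BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(_BCRYPT_B64, _STD_B64)

# $<version>$<two-digit cost>$<22-char salt><31-char digest>
_LAYOUT = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


@dataclass(frozen=True)
class BcryptFields:
    version: str   # algorithm revision marker, e.g. "2a" or "2b"
    cost: int      # work factor N; key setup is iterated 2**N times
    salt: bytes    # 16 raw salt bytes
    digest: str    # 31 characters, still in bcrypt's base64 alphabet

    @property
    def iterations(self) -> int:
        return 2 ** self.cost


def parse_bcrypt(stored: str) -> BcryptFields:
    """Split one stored bcrypt string into its four fields."""
    m = _LAYOUT.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    version, cost_txt, salt_b64, digest = m.groups()
    cost = int(cost_txt)
    if not 4 <= cost <= 31:
        raise ValueError(f"work factor {cost} outside bcrypt's 4..31 range")
    # 22 characters carry 132 bits; the first 128 are the salt.
    salt = base64.b64decode(salt_b64.translate(_TO_STD) + "==")
    return BcryptFields(version, cost, salt, digest)


def needs_rehash(stored: str, target_cost: int) -> bool:
    """True when the stored string was produced below the target work factor."""
    return parse_bcrypt(stored).cost < target_cost


# Illustrative sample in the standard layout (treated as opaque data here).
SAMPLE = "$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW"
```

A login path would typically call `needs_rehash` only after a successful password check, since the plaintext is needed to produce a string at the new work factor.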
I can do it even better. As long as it's being done on your own server, and you are only concerned with outside threats, then toss bcrypt over the side, and you can do that in 2 easy steps:
[1] pause for 0.2 seconds (make sure the delay does not block other threads), and
[2] compute your goddamned hash the same way you have always done.
I get so tired of this. Almost ALL of you are thinking with blinkers on. The password field of your website is not the only vulnerability! Most of the time, an even bigger vulnerability is PEOPLE. People at your company, for example, who have access to the database.
Listen up: rainbow tables CAN BE and ARE of a concern if you run a website, because unless you use a salt, anybody who has access to your database can (speaking figuratively) rainbow-table it straight into their bank account.
Stop thinking about JUST web pages and password fields. That is a mistake some banks and other corporations made, and their databases are now -- remember? -- available for download online.
Let's cut to the chase. OP is right. cURL is a shitty way to install software. All these other arguments are peripheral to the central issue, which is simply that cURL is a shitty way to install software. Reasons have already been given, arguments have already been made, and no difference has been made.