What is the safest algorithm in the Kohana auth module?

I would prefer to use the crypt function with Blowfish encryption, but the current implementation of this module uses a hash function that does not offer this encryption method. So what is the safest algorithm in the Kohana auth module? Would SHA-512 be a good option, or should I rather modify the module to use crypt and Blowfish?

+4
2 answers

From the answer to this Stack Overflow question: SHA512 vs Blowfish and Bcrypt

Suffice it to say that the question is whether bcrypt or SHA-512 is really good enough. And the answer is yes: with either algorithm, a breach will occur through an implementation flaw, not through cryptanalysis.

In other words, it seems more reasonable to use the somewhat simpler implementation already in Kohana than to try to modify the module and potentially introduce new implementation errors.

+4

SHA-512 seems to be your best bet.

To summarize the content related to danieltalsky's answer, the bad thing about SHA-512 is that it is fast. It is a great hash, but SHA-512's speed means that an attacker with a copy of your hashed passwords can make more guesses per second. bcrypt is a much slower hash, so it takes longer to verify each password guess, and therefore it takes longer to find a user's weak password.

You can go and try adding bcrypt or some form of extension to the Kohana auth module, but your time is probably better spent making sure your server throttles the rate at which users can try to log into the system.

+1
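
The cost-per-guess difference this answer describes can be measured directly. The PHP script below is an added example, not code from the Kohana auth module or from either answer; the site key, the sample password, the bcrypt cost of 12 and the keyed SHA-512 function standing in for a fast hash are all assumptions made for illustration.

```php
<?php
// Added example: per-guess cost of a fast keyed SHA-512 hash versus bcrypt.
// Every name and value here is constructed for illustration.

const SAMPLE_KEY = 'constructed-site-key';        // hypothetical site-wide HMAC key
const SAMPLE_PASSWORD = 'correct horse battery';  // constructed sample password

// Fast hash: a single HMAC-SHA-512 call per password (assumed stand-in scheme).
function fast_hash(string $password): string
{
    return hash_hmac('sha512', $password, SAMPLE_KEY);
}

// Slow hash: bcrypt with a random per-password salt and a tunable work factor.
function slow_hash(string $password, int $cost = 12): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Average wall-clock seconds per call of $fn over $rounds calls.
function seconds_per_call(callable $fn, int $rounds): float
{
    $start = microtime(true);
    for ($i = 0; $i < $rounds; $i++) {
        $fn(SAMPLE_PASSWORD);
    }
    return (microtime(true) - $start) / $rounds;
}

$fast = seconds_per_call('fast_hash', 100000);
$slow = seconds_per_call('slow_hash', 5);

printf("HMAC-SHA-512:   %.2f microseconds per hash\n", $fast * 1e6);
printf("bcrypt cost 12: %.1f milliseconds per hash\n", $slow * 1e3);
printf("bcrypt costs roughly %d times more per guess\n", (int) round($slow / $fast));

// Verification on the login path: constant-time comparison for the keyed
// hash, password_verify() for bcrypt (it reads salt and cost from the hash).
$stored_fast = fast_hash(SAMPLE_PASSWORD);
$stored_slow = slow_hash(SAMPLE_PASSWORD);
var_dump(hash_equals($stored_fast, fast_hash(SAMPLE_PASSWORD)));
var_dump(password_verify(SAMPLE_PASSWORD, $stored_slow));
var_dump(password_verify('wrong guess', $stored_slow));
```

The absolute timings depend on the machine; the ratio between the two lines is what bounds how many guesses per second are possible against a copied hash table.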
