One-Way Password Encryption Algorithm

Question

One-Way Password Encryption Algorithm

What is the most secure one type encryption algorithm for password encryption?

MD5 and SHA (1..512) are often used, but they are designed for speed, which is bad for preventing brute force attacks on encrypted passwords.

The algorithm should not be too exotic, so it can be used with common programming languages / runtimes such as Java, .NET or Python.

+4

security passwords password-protection encryption hash

deamon Aug 2 '11 at 11:51

source share

3 answers

Hashing alone will not save you, as you can read in other related posts.

bcrypt and scrypt are really good choices, but most languages are not supported. Although it really shouldn't be a problem to find a library that supports them. In addition to these two, you can use password-based encryption (PBE) as described in PKCS # 5 , ideally with PBKDF2. There should be built-in PBE support almost anywhere.

+2

emboss Aug 2 '11 at 12:13

source share

People use the BCrypt cryptographic method because it is very slow.

See: http://codahale.com/how-to-safely-store-a-password/ and http://www.openwall.com/crypt/

Also consider this question: https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage

SHA512 vs Blowfish and Bcrypt

https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords

+1

woliveirajr Aug 2 '11 at 12:12

source share