Geek Answers Handbook

What hashing algorithm should I use to store passwords?

I am not aware of the latest developments related to strong hashing algorithms; What currently do I prefer to store passwords?

In addition, how much more useful are means for pickling and stretching keys?

+4
source share
3 answers

As for the additional security provided by hashing, it depends on how many hash iterations you use. As an example, let's say that you decide to use 2 ^ 14 hash iterations. This increases the entropy of passwords by 14 bits. According to Moore Law, each additional bit of entropy provided by the hash means about 18 additional months to crack the password at the same time as today. This will be 21 years (14 x 18 months) before the iterated hash can be cracked at the same time as the original password can be cracked today.

Additional safety provided by salinization is that it prevents the use of rainbow tables.

+6
source

This post briefly explains hashing, salt hashing, custom salt hashing, and bcrypt.

+1
source

Check this.

This question in security.stackexchange is a good discussion of bcrypt vs. PBKDF2 - Do any bcrypt security experts provide password storage?

The key is that only a hash function will not prevent an attack in the precomplect (for example, a rainbow table). And adding salt will not protect you from vocabulary or brute force attacks. You are much better off using bcrypt or PBKDF2 than creating your own schema using a hash algorithm.

+1
source

More articles:


All Articles