I'm not talking about server-side node.js.
I want to use a slow hashing algorithm for a key on the client-side of my site. I have found implementations of SHA-256 which seem to be reliable. I also found this question which lead to the OP creating his own library.
However, I'm not sure if I should just do multiple rounds of SHA hashing or trust some of that code since I'm not a security expert and it doesn't seem to have a large following only being "stared" by 36 people.
What is the best choice in this case? I (basically) cannot change methods once I choose something.
I want a slow hashing (not encryption) algorithm and I would rather it produced a short string. For example, a slow 60 char bcrypt vs fast 70 char SHA-256.
SCrypt is a better choice today: better design than BCrypt (especially in regards to memory hardness) and has been in the field for 10 years. On the other hand, it has been used for many cryptocurrencies and we have a few hardware (both FPGA and ASIC) implementation of it.
Bcrypt was not designed for encrypting large amounts of data. It is best implemented for passwords, however SHA-256 is better for large amounts of data because it is less costly and faster.
bcrypt is designed to be slow and not to allow any shortcut. Show activity on this post. It takes more effort to brute force attack the password. The slower the algorithm, the less guesses can be made per second.
The problems present in traditional UNIX password hashes led naturally to a new password scheme which we call bcrypt, referring to the Blowfish encryption algorithm. Bcrypt uses a 128-bit salt and encrypts a 192-bit magic value. It takes advantage of the expensive key setup in eksblowfish.
There are currently three key-derivation functions widely considered to be secure against brute force cracking attempts. Key-derivation functions are slightly different from regular hashing algorithms in that they are designed to be slow, even in the face of modern GPU-based computation.
I'll list them in order of theoretical security:
PBKDF2 is designed by RSA, based on SHA, and is the algorithm recommended by NIST. There's a couple implementations that you could use in a browser.
Note to Node users: Node's crypto
module has a built-in PBKDF2 function. Use that.
bcrypt, based on Blowfish, is slightly more secure than PBKDF2. It has been relatively well-tested and verified secure, but does not have a stamp of approval from any standards bodies, if that's a consideration for you. There's a generic JS implementation here.
Note to Node users: Use node.bcrypt, which performs the computationally expensive stuff on a separate thread.
Finally, scrypt is far and away the most theoretically secure (slowest) KDF. Unfortunately, the algorithm is very new, so it has not been validated by rigorous study and testing by the cryptographic community. It is, however, on track to become a IETF standard.
Because the algorithm is so new, it is hard to find implementations. I could only find this half-baked one. While the security benefits are very promising, I would not recommend scrypt until both the algorithm itself and its implementations are verified secure.
How do these three actually compare? The scrypt paper has a comparison:
Realistically, even PBKDF2 makes it cost-prohibitive for anyone but a government to crack a single 8-character password.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With