Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the recommended hashing algorithm to use for stored passwords?

Tags:

passwords

hash

encryption

Given the known weaknesses of MD5 and the recent (May 2009) weaknesses discussed in SHA1, how should new programs be salting & hashing their passwords?

I've seen SHA-256 and SHA-512 suggested.

Programming predominately in Ruby on Rails and using PostgreSQL -- but other languages and environments might also have to calculate password hashes.

like image 486
Hissohathair Avatar asked Mar 31 '10 02:03

Hissohathair

People also ask

What algorithms are currently acceptable to use when storing passwords?

PBKDF2 is recommended by NIST and has FIPS-140 validated implementations. So, it should be the preferred algorithm when these are required. PBKDF2 requires that you select an internal hashing algorithm such as an HMAC or a variety of other hashing algorithms. HMAC-SHA-256 is widely supported and is recommended by NIST.

Is SHA-256 good for passwords?

SHA-256 is one of the most secure hashing functions on the market. The US government requires its agencies to protect certain sensitive information using SHA-256.

Why is hashing the recommended technique for storing passwords?

Hashing is almost always preferable to encryption when storing passwords inside databases because in the event of a compromise attackers won't get access to the plaintext passwords and there's no reason for the website to ever know the user's plaintext password.

Is sha512 better than SHA-256?

The reason why SHA-512 is faster than SHA-256 on 64-bit machines is that has 37.5% less rounds per byte (80 rounds operating on 128 byte blocks) compared to SHA- 256 (64 rounds operating on 64 byte blocks), where the operations use 64-bit integer arithmetic.

2 Answers

SHA-256 and SHA-512 are safe for the foreseeable future. They belong to the SHA-2 family, against which no attacks have been identified so far. This wikipedia page says that Unix and Linux vendors are just now moving to SHA-2 for their secure hashing of passwords. The SHA-3 family, with even stronger algorithms, is being developed, but won't be ready until 2012 at the least.

P.S: Unless you're hiding secret agent names from governments, you'll be safe with SHA-1 as well, but if it's no trouble implementing SHA-2, just use that one instead.

like image 182
Eli Bendersky Avatar answered Sep 19 '22 05:09

Eli Bendersky

Use a slow function like bcrypt. Here is a post from the Phusion guys.

like image 32
Patrick Avatar answered Sep 18 '22 05:09

Patrick
Sign in to Comment

Related questions

Encrypt message for Web Push API in Java
What are the differences between MD5 binary mode and text mode?
Encrypting values using Amazon KMS, storing / retrieving using DynamoDB with Lambda (NodeJS)
Secure / Encrypt log4j files
NumberFormatException on valid number String
Android: decrypt RSA text using a Public key stored in a file
Cryptography for P2P card game
C# Encryption to PHP Decryption
How can I use an Encrypted Password to a Maven Repository in Gradle
MemoryStream to String, and back to MemoryStream without adding any bytes (encodings, etc.)
Length of Encrypted String
.NET implementation (libraries) of elliptic curve cryptography
Cross platform (php to C# .NET) encryption/decryption with Rijndael
Error after Fingerprint touched on Samsung phones: android.security.KeyStoreException: Key user not authenticated
Where's the encryption key stored in Jenkins?
postfix and openJDK 11: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"
Is a GUID a good key for (temporary) encryption?
AES encryption: InvalidKeyException: Key length not 128/192/256 bits
How to encrypt/decrypt URL parameters in javascript?
Is there any difference, if I init AES cipher, with and without IvParameterSpec

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!