Menu
This question made me start thinking about password hashing again. I currently use bcrypt (specifically py-bcrypt). I've heard a lot about PBKDF2, and scrypt.
What I'm wondering is if there are any "more modern" password hashing methods that I might not know about (because they're new, so people don't talk about them as much), or maybe other methods I don't know about.
And then going on from there, which one should I use? Most people seem to recommend bcrypt, but I wonder if that's just because it's old (read: well-known). scrypt seems better (variable amount of memory usage). I don't know much about PBKDF2.
So if I make a user-management scheme, which of these should I use? Or should I use something completely different?
750
Google recommends using stronger hashing algorithms such as SHA-256 and SHA-3. Other options commonly used in practice are bcrypt , scrypt , among many others that you can find in this list of cryptographic algorithms.
SHA-256 is one of the most secure hashing functions on the market. The US government requires its agencies to protect certain sensitive information using SHA-256.
Passwords should be hashed with either PBKDF2, bcrypt or scrypt, MD-5 and SHA-3 should never be used for password hashing and SHA-1/2(password+salt) are a big no-no as well. Currently the most vetted hashing algorithm providing most security is bcrypt. PBKDF2 isn't bad either, but if you can use bcrypt you should.
To the time of writing, SHA-256 is still the most secure hashing algorithm out there. It has never been reverse engineered and is used by many software organizations and institutions, including the U.S. government, to protect sensitive information.
PBKDF2 is used in WPA/WPA2 and Domain Cached Credentials 2 (AKA DCC2). You can change the iterations for the HMAC-SHA1 to increase security. This method of slowing down the cracking process is unbroken. However, since it is based on SHA1, you can call it GPU-friendly to attack.
Both, bcrypt and scrypt, use a lookup table. This memory dependence makes it GPU-unfriendly. The latest 28 nm GPU architectures however re-enable very fast access to memory.
For now you should favor bcrypt or scrypt. It is a good choice to use memory dependent hashes, but in the future this might change. Keep an eye on how GPU performance of the crackers increase. It is possible that they will reach an event horizon on which it will be better to switch back to just do GPU-friendly hashes but increase their iteration count.
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
