开发者

Algorithm for one way password encryption

What is the most secure one way encryption algorithm to encrypt passwords?

MD5 and SHA (1..512) are frequently used, but they are designed for speed what is bad for preventing brute force attacks on encrypt开发者_开发百科ed passwords.

The algorithm shouldn't be too exotic, so that it can be used with common programming languages / runtimes like Java, .NET or Python.


BCrypt or SCrypt. Why? because they where designed to be slow instead of fast.

see also: How to securely hash passwords? on security.stackexchange.com


Hashing alone won't save you, as can be read in other posts on the topic.

bcrypt and scrypt are indeed good choices, but they're not supported out of the box by most languages. Although it really shouldn't be a problem to find a library that supports them. In addition to these two, you could use password-based encryption (PBE) as described in PKCS#5, ideally with PBKDF2. There should be built-in support for PBE almost anywhere.


People are using BCrypt, a cryptography method, because it's very slow.

See: http://codahale.com/how-to-safely-store-a-password/ and http://www.openwall.com/crypt/

Also take a look at this question: https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage

SHA512 vs. Blowfish and Bcrypt

https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜