Password security: sha1, sha256 or sha512 | |
---|---|
Subject: | |
references: http://stackoverflow.com/questions/3897434/password-security-sha1-sha256-or-sha512
57 down vote Do not write your own password-hashing function! Leave this to seasoned cryptographers. Cryptography is hard to get right. Security is hard to get right. SHA1, SHA256 and SHA512 are message digests, not password-hashing functions. Currently, the only standard (as in sanctioned by NIST) password hashing or key-derivation function is PBKDF2. Other reasonable choices, if using a standard is not required, are bcrypt and the newer scrypt. Wikipedia has pages for all three functions:
Switching from SHA1 to SHA256 or SHA512 will not improve the security of the construction so much. Computing a SHA256 or SHA512 hash is very fast. An attacker with common hardware could still try tens of millions (with a single CPU) or even billions (with a single GPU) of hashes per second. Good password hashing functions include a work factor to slow down attackers. Here's another weakness in the above scheme: an attacker can precompute a password hash once and reuse it for every entry in the password file or database. Once the precomputation is done, computing the hashes for these passwords with a given salt value is trivial, because message digests work incrementally. Thus, the precomputations for $password can be reused to compute the hash for $password.$salt for every value of $salt in the password file. Here are some suggestions for PHP programmers: first, read the PHP FAQ: http://php.net/manual/en/faq.passwords.php and then use crypt() or PHPPASS: http://www.openwall.com/phpass/. | |
2015-04-26 08:21:10 | gstlouis |
gstlouis | |
2015-04-26 09:49:53 | |