Recomended hash algorithm

Asked Sep 07 '12 at 16:00

Active Oct 05 '12 at 09:13

Viewed 358 times

Possible Duplicate:
How to securely hash passwords?
Do any security experts recommend bcrypt for password storage?

What would you choose between:

PBKDF2 SHA256 (270,000 iterations)
bcrypt (12, 13 or 14 cost: 1-2 seconds)
scrypt: I don't know if my hosting will allow it

I have to choose an algorithm to store passwords in a MySQL DB.

I've just read that bcrypt isn't so secure, PBKDF2 is more tested (but it could be reasonably faster on GPU/FPGA), scrypt is too new (and not tested enough) but is almost unbreakable.

So, please give me advice (in regards a sensible data website) and explain me what is better and why.

edited Mar 17 '17 at 10:46

Community

asked Sep 07 '12 at 16:00

Surfer on the fall

What are your security requirements? Why are you using a hash algorithm? – GdD Sep 07 '12 at 16:01
@GdD ops, sorry.. I forgot it! – Surfer on the fall Sep 07 '12 at 16:03
A work factor that leads to 1 sec verification time opens you up to trivial DoS attacks. – CodesInChaos Sep 07 '12 at 16:48
@CodesInChaos and if I set up sleep function based on requests made? – Surfer on the fall Sep 07 '12 at 18:06

Recomended hash algorithm

0 Answers0