Password hash
#2

Jason Hamilton-Mascioli
Taken from an earlier post...

Quote: Use bcrypt. Actually - use PHP’s bcrypt implementation - crypt function (there are several different options - best ones would be crypt_sha256, crypt_sha512 or crypt_blowfish). IMHO - I’d go for crypt_sha512.

Why is it better?

Because it introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore’s law. As computers get faster you can increase the work factor and the hash will get slower.

How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.

So we’re talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I’d be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.
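The work factor discussed in the post above, as an added example that is not part of the original post: it hashes with `crypt()` in its bcrypt (`$2y$`) mode at several costs, times each against MD5, verifies in constant time, and flags stored hashes made at an older, lower cost. The function names and the sample password are constructed for illustration, and PHP 7 or later is assumed (for `random_bytes()` and scalar type hints).

```php
<?php
// Build the "$2y$<cost>$<22-char salt>" setting string for CRYPT_BLOWFISH.
function bcrypt_setting(int $cost): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be 4..31');
    }
    // 16 random bytes -> base64 -> bcrypt's "./A-Za-z0-9" alphabet, 22 chars.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function bcrypt_hash(string $password, int $cost): string
{
    $hash = crypt($password, bcrypt_setting($cost));
    if (strlen($hash) !== 60) {            // crypt() returns "*0"/"*1" on failure
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// The stored hash carries its own cost and salt, so it doubles as the setting
// string for re-hashing; hash_equals() compares in constant time.
function bcrypt_verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// True when the stored hash was made below the current target cost.
function bcrypt_needs_upgrade(string $stored, int $targetCost): bool
{
    return (int) substr($stored, 4, 2) < $targetCost;
}

$password = 'correct horse battery staple'; // constructed sample input
foreach ([8, 10, 12] as $cost) {
    $t = microtime(true);
    $hash = bcrypt_hash($password, $cost);
    printf("cost %2d: %.3f s  verify=%s\n", $cost, microtime(true) - $t,
        var_export(bcrypt_verify($password, $hash), true));
}
$t = microtime(true);
md5($password);
printf("md5:     %.6f s\n", microtime(true) - $t);

$old = bcrypt_hash($password, 8);          // a hash stored at an older cost
var_dump(bcrypt_needs_upgrade($old, 12));
```

Each step up in cost doubles the hashing time, and a hash flagged by `bcrypt_needs_upgrade()` can only be re-hashed at login, when the plaintext password is available.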

