Programming Rambling

mrzard's ramblings in the wild

Choosing a Method to Store Passwords Safely.


In the wake of the Gawker/Gizmodo breach and the huge problem of having their passwords compromised, I came across a short and excellent post on why using speed-oriented hash functions is a bad idea for storing passwords.

In a nutshell, MD5, SHA1 and the like are designed to process large amounts of data quickly, which makes them well suited to integrity checks and similar tasks; but that same speed makes password hashes built on them cheap to attack by brute force.

Bcrypt, on the other hand, is ‘slow’ compared with those hashing algorithms, and that is exactly what makes it resistant to brute force attacks. You can find the original post here: http://codahale.com/how-to-safely-store-a-password/

I do not necessarily agree with the ‘uselessness’ of salting passwords, as that makes it harder to find a general pattern to attack ALL of the accounts protected by a single password in the system, but I see the point of it not being able to prevent or slow brute force attacks.
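To make the two points above concrete (a fast digest versus a deliberately slow one with a work factor, and what a per-user salt does and does not buy you), here is an added example of my own; it is not code from the original post or from the codahale article. It uses PBKDF2 from the Python standard library as a stand-in for bcrypt, since bcrypt needs a third-party package; the idea is the same, a slow hash whose cost the defender can turn up. The sample password and the timing figures are constructed for the demo.

```python
import hashlib
import hmac
import os
import time

# Constructed sample password; not taken from the original post.
SAMPLE_PASSWORD = "correct horse battery staple"


def fast_hash(password: str) -> str:
    """Unsalted MD5: a speed-oriented digest of the kind the post warns against."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a tunable work factor.

    Assumption: stdlib PBKDF2 stands in for bcrypt here (bcrypt needs a
    third-party package); both are deliberately slow and let the defender
    raise the cost as hardware gets faster.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = 200_000) -> dict:
    """Store a fresh random salt next to the hash and the work factor used."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "hash": slow_hash(password, salt, iterations),
    }


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    candidate = slow_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_hash(hash_fn, samples: int = 20) -> float:
    """Average wall-clock cost of one call to hash_fn, i.e. the cost of one guess."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(f"candidate-{i}")
    return (time.perf_counter() - start) / samples


def cost_ratio(iterations: int = 100_000, samples: int = 20) -> float:
    """How many times more expensive one slow-hash guess is than one MD5 guess."""
    salt = b"fixed-salt-for-timing"  # constant salt so only the work factor varies
    slow = seconds_per_hash(lambda p: slow_hash(p, salt, iterations), samples)
    fast = seconds_per_hash(fast_hash, samples)
    return slow / max(fast, 1e-9)  # guard against a zero reading on fast clocks


if __name__ == "__main__":
    record = make_record(SAMPLE_PASSWORD)
    print("verify correct:", verify(SAMPLE_PASSWORD, record))
    print("verify wrong:  ", verify("hunter2", record))
    # Same password stored twice: the salts differ, so the stored hashes differ,
    # which is the point of salting. The per-guess cost is the same either way,
    # which is why salting alone does not slow a brute force attack down.
    print("hashes differ:", make_record(SAMPLE_PASSWORD)["hash"] != record["hash"])
    print(f"slow/fast cost ratio at 100k iterations: {cost_ratio():,.0f}x")
```

The `iterations` value is the knob that matters: it is stored with the record, so old hashes keep verifying while new ones can be created at a higher cost. The ratio printed at the end is what the attacker pays per guess relative to MD5; the salt only prevents one computed guess from being checked against every account at once.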
