What hash function should be used for passwords? [duplicate]

Question

Possible Duplicate:
What's the recommended hashing algorithm to use for stored passwords?

Hello, I've recently been told that common hash functions such as SHA256 are insecure for use as a password hashing function because they are "designed to be fast"(incidentally I asked earlier for faster hashing functions over at programmers.se). So my question, what should be used for websites or other general applications?

Also, secondary question: Is SHA256 really not a good choice for hashing passwords? I kind of don't believe it, but I've heard crazier things be true.

(note: assume all other proper actions are being taken such as unique salts)

Duplicate? stackoverflow.com/questions/2549988/…

Mark Ransom
– Mark Ransom

2011-02-21 04:17:09 +00:00
Commented Feb 21, 2011 at 4:17 — Mark Ransom
– Mark Ransom, Commented Feb 21, 2011 at 4:17

alex · Accepted Answer · 2011-02-21 04:26:03Z

3

You should use bcrypt.

answered Feb 21, 2011 at 4:26

alex

492k205 gold badges890 silver badges992 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Earlz Over a year ago

My question then is why? How much faster can you crack SHA256 than bcrypt? Especially if I do multiple iterations of SHA256?

alex Over a year ago

@Earlz bcrypt lets you use a work factor. If it (argument's sake) SHA256 runs 30 times a second, and bcrypt runs once, then SHA256 will be 30 times quicker to crack (in theory, at least :D )

payne Over a year ago

The link provided explains why: you define a "work factor", which will determine how fast/slow it is, and how much work a brute force attacker would have to do.

deiga · Accepted Answer · 2011-02-21 04:17:11Z

1

At the time of writing SHA256 is adequate for password protection, though it may not be in a year or so.

I'd maybe use SHA512 as I'm not too well traversed in what is really secure at the moment, and I'm not sure if anything can be really secure, with the huge increases of computing power in CPU's and GPU's.

answered Feb 21, 2011 at 4:17

deiga

1,6372 gold badges17 silver badges35 bronze badges

Comments

Community · Accepted Answer · 2017-05-23 12:02:59Z

1

Mike Howard's answer on the question Mark linked to is the correct best practice.
Simply using a good hash is insufficient because:

it does not protect you from rainbow table attacks. The same password will hash to the same result, every time. An attacker can compromise on the time vs. space tradeoff, pre-compute the most popular passwords and simply look up the answer. To defeat, you need to add a salt. (Mike suggests user id)
as you suggest, hashing algorithms are designed to be fast. This is sometimes desired, (such as getting the hash of a 50MB file) but in the case of passwords it not. Use a password-based key derivation function instead. It will significantly slow down an attacker, but not impact your own speed.

edited May 23, 2017 at 12:02

CommunityBot

11 silver badge

answered Feb 21, 2011 at 4:29

J.J.

5,0992 gold badges30 silver badges26 bronze badges

Collectives™ on Stack Overflow

What hash function should be used for passwords? [duplicate]

3 Answers 3

3 Comments

Comments

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

3 Comments

Comments

Comments

Linked

Related