How To Safely Store A Password? Use bcrypt!
Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?
These are all general-purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.
A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.
And that’s without investing anything.
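The arithmetic behind the 40-second figure, and what a tunable work factor does to it, as an added example that is not part of the original post. bcrypt is not in Python's standard library, so `hashlib.pbkdf2_hmac` stands in here as the work-factored function; the function names, the 200,000 iteration count and the sample sizes are assumptions.

```python
import hashlib
import os
import time

ALPHABET_SIZE = 36          # lowercase letters + digits, as in the text
PASSWORD_LEN = 6            # as in the text
MD5_BYTES_PER_SEC = 330e6   # MD5 throughput figure quoted in the text
SALT = os.urandom(16)       # per-password random salt (constructed here)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def exhaust_seconds(candidates: int, length: int, bytes_per_sec: float) -> float:
    """Time to hash every candidate when only byte throughput limits the hash."""
    return candidates * length / bytes_per_sec

def seconds_per_guess(hash_fn, samples: int) -> float:
    """Average wall-clock cost of one hash_fn call on this machine, one core."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(b"%06d" % i)
    return (time.perf_counter() - start) / samples

def fast_md5(pw: bytes) -> bytes:
    return hashlib.md5(pw).digest()

def slow_kdf(pw: bytes, iterations: int = 200_000) -> bytes:
    # Stand-in for bcrypt's cost factor: the defender chooses how slow one guess is.
    return hashlib.pbkdf2_hmac("sha256", pw, SALT, iterations)

def report() -> dict:
    n = keyspace(ALPHABET_SIZE, PASSWORD_LEN)
    md5_cost = seconds_per_guess(fast_md5, 20_000)
    kdf_cost = seconds_per_guess(slow_kdf, 5)
    return {
        "candidates": n,
        "page_estimate_s": exhaust_seconds(n, PASSWORD_LEN, MD5_BYTES_PER_SEC),
        "md5_measured_s": n * md5_cost,
        "kdf_measured_years": n * kdf_cost / (365 * 24 * 3600),
        "slowdown": kdf_cost / md5_cost,
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:,.1f}")
```

The measured MD5 time is dominated by interpreter overhead on a single core, so read `slowdown` (the per-guess cost ratio) rather than the absolute seconds.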