Hi there,
I've read many articles about hashing algorithms. Their pros, their cons etc.
I think I have decided upon using the bcrypt algorithm to hash my passwords with a unique per user salt.
The main reasons that I like it are:
- It's been out for a long time and as far as I'm aware there are no known issues with it.
- It was designed to be used for passwords and even includes 'salt' as a parameter.
- It is relatively slow (compared to other hashing algorithms) to create a hash thereby hindering brute force attacks and someone creating lookup and rainbow tables of passwords with the salt combined.
My only concern is that it has been out for a long time now. Should I still use it or should I move on to a new algorithm like Argon2, scrypt, SHA3, etc.?
Does anyone with better knowledge than myself have any insights as to whether I'm ok sticking with my Bcrypt decision or whether I should move on to a newer algorithm?
Thanks
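
Added example, not part of the original post: a bcrypt hash string stores the work factor and the salt next to the digest, so a credential store can be audited for weak cost settings and reused salts without knowing any password. The 12 minimum cost, the finding labels and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Modular crypt format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
MIN_COST = 12  # assumed policy value, tune to your own hardware and latency budget

def parse_bcrypt(stored):
    """Split a stored bcrypt string into variant, cost and salt."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        raise ValueError("not a bcrypt hash string")
    variant, cost, salt, _digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # range bcrypt accepts for the cost parameter
        raise ValueError("cost out of range")
    # The key setup is iterated 2**cost times, so each +1 doubles the work.
    return {"variant": variant, "cost": cost, "salt": salt, "iterations": 2 ** cost}

def audit(records, min_cost=MIN_COST):
    """records maps user -> stored hash; returns user -> list of findings."""
    parsed, findings = {}, {user: [] for user in records}
    for user, stored in records.items():
        try:
            parsed[user] = parse_bcrypt(stored)
        except ValueError:
            findings[user].append("not-bcrypt")
    salt_counts = Counter(p["salt"] for p in parsed.values())
    for user, p in parsed.items():
        if p["cost"] < min_cost:
            findings[user].append("cost-below-policy")  # rehash at next login
        if salt_counts[p["salt"]] > 1:
            findings[user].append("shared-salt")  # salt is not unique per user
    return findings

def _sample(cost, seed):
    """Constructed, format-valid placeholder; not the output of a real bcrypt run."""
    return f"$2b${cost:02d}${(seed * 22)[:22]}{'x' * 31}"

SAMPLE = {  # constructed records
    "alice": _sample(12, "alice"),
    "bob": _sample(10, "bob"),
    "carol": _sample(12, "shared"),
    "dave": _sample(12, "shared"),
    "eve": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
}

if __name__ == "__main__":
    for user, issues in audit(SAMPLE).items():
        print(user, issues or "ok")
```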