by bawolff
2357 days ago
The md5 weakness (that everyone talks about) is about collision resistance, which isn't relevant to password hashing. Generally you want slow, high CPU & memory hash functions for password hashing. This is the opposite of what md5/sha/blake aim for, as they want to be as fast as possible. A fast hash allows the attacker to make many guesses very quickly (I think you can get something like 2 billion sha256 hashes a second with high-end GPUs). A slow hash makes it harder for the attacker to take lots of guesses (adding high memory usage helps protect against using alternate architectures like FPGAs to speed things up). Anyway, for passwords use something like argon2.