by 0points 277 days ago
sha* is a horrible choice for storing passwords. Its intended use is for verifying data integrity.

You should be using the solutions readily available instead of trying to reinvent the wheel, or avoid this subject altogether if you can't be bothered to educate yourself as to why.

This has been a decades-long issue, and it blows my mind how people in IT still didn't get the memo.

Use argon2, scrypt or even bcrypt, which are all designed for keeping passwords secure with regard to brute-force cracking.

1 comment

I agree, but the entropy of the string that produced that hash will nullify any such disadvantage.