Reputation: 2673
Which hash function is currently a good choice for passwords?
Some hash functions are today not as safe as they were some years ago. Which hash function would currently be a good choice for hashing passwords?
Thanks in advance.
Upvotes: 3
Views: 503
Answers (3)
Reputation: 44058
Well, sha-2 is technically more secure, but no collisions have been found for sha-1 yet.
If you're trying to defend against rainbow tables or something, I would go with sha-2, since it has not seen wide use (yet).
SHA hash functions (Wikipedia)
Upvotes: 3
Reputation: 86064
A keyed hash such as SHA256 HMAC would be a good option to prevent brute force attacks if your data store is compromised.
Upvotes: 0
Reputation: 47751
The official answer is the one that produces the largest hash (like SHA-512). However, in practice, you usually have to make a tradeoff between that and storage concerns and processing time to calculate the hash.
Here's a list of hash functions, along with data about their size and more:
http://en.wikipedia.org/wiki/Cryptographic_hash_function#Cryptographic_hash_algorithms
Upvotes: 0
Related Questions
- Hash Functions which are used and more popular
- Hashing function security level required for storing passwords
- What is the strongest hashing algorithm commonly available today?
- What's the recommended hashing algorithm to use for stored passwords?
- Most secure way to hash passwords
- Which of the .NET included hashing algorithms are suitable for password hashing?
- Which hash method do you use (MD5, SHA1, other?)
- What hashing algorithm should I use for storing passwords?
- What built-in Java hash function to use for password
- How to choose a salt for a hash function meant to protect passwords?