Reputation: 1393
Password Hash Approach
I need to store the hashed password in the database the first time the user registers into the system. The standard approach is to take the
Passwordand asalt, append them and use a hash algorithm whose output is saved in the database.I am going to use
Cryptographically Secure Pseudo-Random Number Generator(CSPRNG) for generating thesalt. The salt generated usingCSPRNGare very secured for generatingsaltsas I have read from sources Link. Since thesaltis very difficult to predict, using theMD5for hashing the finalString(Password || salt)is a good decision or is there any better alternative ?
NOTE:
The parameters I am considering for choosing a Hash Algorithm:
1) The security should be considerably good.
2) The hashing algorithm should be fast enough to not hinder the user experience.
Upvotes: 1
Views: 74
Answers (1)
Reputation: 9795
This has been covered time and time again all over the internet, but here we go, once more...
Use bcrypt, argon2 or PBKDF2. Use a CSPRNG to generate a salt. Storing the salt with the hash is fine. Don't use MD5, SHA256, or anything else without an intentional iteration count.
Upvotes: 5
Related Questions
- Password hashing, salt and storage of hashed values
- Most secure way to hash passwords
- Encryption vs Hashing Passwords
- Keying Hashes/Login Security?
- Passwords, Salts, And Security Concepts
- Password hashing methods
- Double hashing security
- Cryptography: Make a stronger hash for password
- Hash and encryption in combination: Preserve security
- Passwords and different types of encryption