[progress Communities] [progress Openedge Abl] Forum Post: Re: Password Encryption At...

Matt Baker
Hash functions have different uses. "Fast" ones like the SHA- series are designed as a quick way to generate a hash for a largish amount of data. Other ones like bcrypt/scrypt and so on are designed specifically to be slow so it is troublesome to generate in large quantities to attack an authentication mechanism. "Fast" ones are convenient as they are easy and "fast". They may be "good enough" to use with authentication if you use salts and multi-rounds. Hash algorithms like bcrypt already have salt and multiple rounds built-in as they are intended for use with authentication systems. So the "best practice" here is to use an algorithm intended for its purpose and don't cheat by abusing an algorithm for something it isn't intended for.
