I'm building a web application and would like to use the strongest hashing algorithm possible for passwords. What are the differences, if any, between sha512, whirlpool, ripemd160 and tiger192,4? Which one would be considered cryptographically stronger?
If you are actually concerned about the security of your system (as opposed to the quite academic strength of algorithms) then you should go with a proven and mature implementation instead of nitpicking algorithms.
I would recommend Ulrich Drepper's SHA-crypt implementation. This implementation uses SHA-512, a 16 character long salt, is peer reviewed and scheduled to go into all major Linux distributions via glibc 2.7.
P.S.: Once you have reached this level of security, you'll be visited by the black helicopters anyways.
bCrypt - Why would be a very long explanation, for which I recommend Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes
Basically, it's secure, it's slow, it's already implemented.
Here's a good post on coding horror about storing passwords. In short, he suggests bcrypt or SHA-2 with a random unique salt.
David, those are all plenty strong functions. Even the much-ballyhooed MD5 collisions are not of the password-cracking variety, they just generate two different strings with the same MD5 (a very different proposition from finding a string that generates a given MD5 value).
If you are concerned about the security of the passwords, you need to worry about the protocols used to store them, the protocols used to recover passwords forgotten by users, and all the other possible avenues of attack. Those options are used far more often to crack passwords than brute-force cryptanalysis.
Do use a salt, though.
But first read the article AviewAnew posted.
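The advice repeated across the answers above (a random unique salt per password plus a deliberately slow hash), shown as an added example that is not part of any answer. It uses PBKDF2-HMAC-SHA512 as a stand-in for bcrypt or SHA-crypt because it ships in Python's standard library; the record format, iteration count and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the thread).
ALGO = "sha512"
ITERATIONS = 210_000   # work factor: raise it as hardware gets faster
SALT_BYTES = 16


def fast_unsalted(password: str) -> str:
    """One unsalted SHA-512 pass: equal passwords give equal hashes,
    so a single precomputed table covers every user at once."""
    return hashlib.sha512(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iterations)
    return f"pbkdf2-{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and work factor, then compare
    in constant time. Malformed records are rejected, not raised."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False
    if scheme != f"pbkdf2-{ALGO}" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record uses a lower work factor than the
    current one, so it can be upgraded at the user's next login."""
    return int(record.split("$")[1]) < iterations


if __name__ == "__main__":
    rec = hash_password("correct horse")   # constructed sample password
    print(rec)
    print(verify_password("correct horse", rec), verify_password("wrong", rec))
```
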