Bcrypt for password hashing because it is slow?

前端 未结 4 2251
闹比i
闹比i 2021-02-20 13:54

I read today on not-implemented.com :

Sha-256 should be chosen in most cases where a high speed hash function is desired. It is considered secure with no

4条回答
  •  误落风尘
    2021-02-20 14:32

    On your side, the password hash needs to be computed rather rarely. But an attacker who tries to brute force a password from a stolen hash, relies on computing as many hashes as possible.

    So, if your login now takes 100 ms instead of 0.1 (probably less) that's not really a problem for you. But it makes a huge difference for an attacker if he needs 2000 days to break a password instead of 2 days.

    bcrypt is designed to be slow and not to allow any shortcut.

提交回复
热议问题