SHA-3 is KECCAK

Kapps opantm2+spam at gmail.com
Tue Jan 21 09:17:18 PST 2014


On Tuesday, 21 January 2014 at 09:58:34 UTC, Uranuz wrote:
> I don't feel confident about crypto and security
> questions, but I need to do password hashing and generation
> of session IDs, and make it difficult to pick up the password by
> brute force or dictionary with a single "usual" computer. I'm
> slightly disappointed that the more I read different articles

MD5, SHA2, SHA3, etc, none of these are valid for password
hashing. Not because of being able to generate a collision,
because that doesn't matter, but because it can be brute forced
easily. Use bcrypt or scrypt. If you really can't do that, then
hash with a salt at least a thousand times (but if done improperly
this can make it actually less secure). You should always use a
built-in thing though, ideally bcrypt or scrypt.

