Comments
-
Froot 7520 7y
Still takes 85838298474628193636281 years 😆
Good visualisation of how hard it is to crack sha256
https://youtu.be/S9JGmA5_unY
-
@Froot that is true. But most of the people haven't updated the hashes to sha256.
They are still using sha1 or worse, MD5! XD
-
Froot 7520 7y
@bugHunter True. And they probably also don't salt their hashes to make sure it's easily googled 😆
-
I'm not really into hash algorithms, sooooo... What's your opinion about bcrypt? Also, which one is the most efficient one to use in production in your opinion? (not too slow + still pretty secure = efficient in this context)
-
Froot 7520 7y
@wildcard I use pbkdf2 with 10k iterations. You want the hashing to be just slow enough, if it's too fast it's too weak
-
@Froot yes, but I'm wondering if it causes performance issues if it's too slow...
Edit: also thanks for the suggestion, I gotta check that algo out, I've never heard of it!
-
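An added example, not part of any comment in this thread: salted PBKDF2-HMAC-SHA256 password storage using the 10k iteration count mentioned above, with a timing helper for the performance question. The stored-string layout (`algo$iterations$salt$hash`) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2_sha256"   # label in the stored string (assumed format)
ITERATIONS = 10_000      # the count mentioned in the thread
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algo$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if algo != ALGO or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def needs_rehash(stored: str, target_iterations: int) -> bool:
    """True when a stored hash is weaker than the current target work factor."""
    parts = stored.split("$")
    return (len(parts) != 4 or parts[0] != ALGO
            or not parts[1].isdigit() or int(parts[1]) < target_iterations)


def seconds_per_hash(iterations: int, rounds: int = 3) -> float:
    """Average wall-clock cost of one hash on this machine."""
    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample", b"\x00" * SALT_BYTES, iterations)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    for n in (10_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_hash(n) * 1000:.1f} ms per hash")
```

Because the iteration count is stored with each hash, it can be raised later and old records upgraded at the user's next successful login via `needs_rehash`.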
Root 79669 7y
@Letmecode:
My only qualm with bcrypt is its max password length issue.
Some of my users have passwords in excess of 100 characters, and bcrypt simply truncates that input, resulting in... a 92 char password iirc?
It's still secure _enough_, but. It could be better. Besides, it would be scary for the user if they add garbage to the end (or delete/replace a few trailing chars) and still log in successfully...
-
Sykoah 713 7y
Come at me bro, I got the sword of sha256 salted bcrypt. That's a pretty big dice to roll, my bets are on me :)
-
lucifyer 512 7y
I'm just new to hashing. And I use original blowfish with unique salt. Is it outdated?
Hackers are ready...
password hashes