[wp-hackers] Should password hashing portability be configurable?
harry at dxw.com
Wed Nov 7 19:22:05 UTC 2012
> The underlying cryptographic hash function is pretty much
> irrelevant to the concept of password storage.
As far as choosing between MD5/SHA256/similar, I agree. But bcrypt is
> Unless the hash algorithm is extremely slow, [...]
This is exactly the point. bcrypt is, by design, very slow. And it can
be adjusted to make it slower as computing power becomes cheaper. More:
More information about the wp-hackers