[wp-hackers] Should password hashing portability be configurable?
Harry Metcalfe
harry at dxw.com
Wed Nov 7 19:22:05 UTC 2012
> The underlying cryptographic hash function is pretty much
> irrelevant to the concept of password storage.
As far as choosing between MD5/SHA256/similar, I agree. But bcrypt is
different.
> Unless the hash algorithm is extremely slow, [...]
This is exactly the point. bcrypt is, by design, very slow. And it can
be adjusted to make it slower as computing power becomes cheaper. More:
http://en.wikipedia.org/wiki/Bcrypt
http://codahale.com/how-to-safely-store-a-password/
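
The adjustable slowness described in the message above, as an added example that is not part of the original post and is not WordPress or phpass code: it uses PHP's built-in `password_hash()` API to pick a bcrypt cost for the current host and to re-hash a stored password at a higher cost on successful login. The function names `calibrate_bcrypt_cost` and `verify_and_upgrade`, the 50 ms target, the cost floor of 11 and the sample password are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not WordPress or phpass code.

// Find the lowest bcrypt cost whose hash takes at least $targetMs on this host.
// If no cost below $max is slow enough, $max is returned.
function calibrate_bcrypt_cost(float $targetMs = 50.0, int $min = 10, int $max = 16): int
{
    for ($cost = $min; $cost < $max; $cost++) {
        $start = microtime(true);
        password_hash('calibration-sample', PASSWORD_BCRYPT, ['cost' => $cost]);
        if ((microtime(true) - $start) * 1000 >= $targetMs) {
            break;
        }
    }
    return $cost;
}

// Verify a login. If the stored hash was made with different parameters than
// the current policy, also return a replacement hash for the caller to store.
// Returns [bool $ok, ?string $newHash].
function verify_and_upgrade(string $password, string $storedHash, int $cost): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $opts = ['cost' => $cost];
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $opts)
        ? password_hash($password, PASSWORD_BCRYPT, $opts)
        : null;
    return [true, $newHash];
}

// Constructed sample: a hash created under an older, cheaper policy (cost 10).
$old  = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
$cost = max(11, calibrate_bcrypt_cost()); // current policy; floor of 11 is assumed

[$ok, $upgraded] = verify_and_upgrade('correct horse', $old, $cost);
printf("login ok: %s\n", $ok ? 'yes' : 'no');
printf("old cost: %d, new cost: %d\n",
    password_get_info($old)['options']['cost'],
    password_get_info($upgraded)['options']['cost']);

[$ok, $upgraded] = verify_and_upgrade('wrong guess', $old, $cost);
printf("wrong password accepted: %s\n", $ok ? 'yes' : 'no');
```

The cost is stored inside each bcrypt hash string, so old and new hashes can coexist in the same column while users are upgraded one login at a time.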