
  The two most common methods, md5 and sha-1 are
  both susceptible to collisions, or birthday attacks.
  As of writing this, I would recommend using
  SHA-3-256 which has no known attacks.
Don't do that. Hashing algorithms without salt and iteration counts are a bad idea. Thankfully, languages and frameworks are starting to take this responsibility away from the programmer (or at least they're making it easier) – consider using has_secure_password in Rails, password_hash in PHP 5.5, etc. Don't use standard hashing algorithms.


Thanks! I have updated the article to include a paragraph on salting.
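
The salt and iteration-count point raised in the thread above, as an added example that is not from the article or from either commenter. It uses PBKDF2 from Python's standard library as a stand-in for the framework helpers named in the comment; the record format, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed example value; tune to your own hardware
SALT_BYTES = 16

def unsalted_sha3(password: str) -> str:
    """The pattern the comment warns against: one fast, unsalted hash."""
    return hashlib.sha3_256(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:
        # Malformed record: wrong field count, bad hex, or invalid iteration count.
        return False
    return hmac.compare_digest(dk, expected)

def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a well-formed record was stored with a lower work factor than policy."""
    parts = record.split("$")
    return len(parts) != 4 or int(parts[1]) < iterations

if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    pw = "correct horse battery staple"
    # Unsalted: both accounts store the same digest, so one guess cracks both.
    print("unsalted digests equal:", unsalted_sha3(pw) == unsalted_sha3(pw))
    a, b = hash_password(pw), hash_password(pw)
    # Salted: the stored records differ, yet each still verifies.
    print("salted records differ:", a != b)
    print("verify ok:", verify_password(pw, a), "wrong pw:", verify_password("wrong", a))
```

Storing the iteration count inside each record is what lets `needs_rehash` flag old entries for an upgrade at the user's next successful login.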



