Security 107: The Hashing Algorithm, and why Bcrypt is your best friend
When securing passwords, the effectiveness of the hashing algorithm must also be taken into consideration. Passwords these days should be hashed using AT LEAST the SHA-256 message digest, which produces a much stronger hash than the now-defunct MD5. The main reason for this is that the SHA-256 method produces a hash that is twice the size of its older counterpart (256 bits as opposed to 128 for MD5). More data contained within a hash means a greater number of possible combinations and greater protection from rainbow tables and brute-force attacks.
SHA-256 is a member of the SHA-2 family, which has become more popular after flaws were discovered in the SHA-1 family back in 2005. However, it does have a major drawback, that we touched on in the previous article: SHA-2 is fast, and that’s not what we want. More →