Nowadays, there are hashing algorithms designed explicitly for hashing passwords. Those also have parameters to require more computations and/or memory (which does not scale well) in order to make brute-force attacks harder. Examples are argon2id and yescrypt (the former won the Password Hashing Competition). You describe password hashing as a use case for cryptographic hashes but only mention algorithms that are not suitable for this purpose.
You also say that MD5 is still useful. However, because of existing attacks (e.g. missing collision resistance), MD5 is obsolete and should not be used at all. For other use cases (not related to password hashing), there are other very fast algorithms without known attacks that should be preferred. Examples are SHA-2 or SHA-3.
The section about prominent hash algorithms does not include modern password hashing algorithms.
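An added example, not part of the issue or of the project it was filed against: a salted password hash whose cost parameters are stored next to the digest, so verification keeps working after the policy is raised. It uses scrypt from Python's standard library as a stand-in for argon2id and yescrypt, which are not in the standard library; the parameter values and the record format are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for this sketch; tune them to your own hardware.
N, R, P = 2**14, 8, 1            # scrypt needs roughly 128 * N * R bytes (16 MiB here)
MAXMEM = 64 * 1024 * 1024        # upper bound OpenSSL may allocate per call


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, n=N, r=R, p=P):
    """Return 'scrypt$n$r$p$salt$digest' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                            maxmem=MAXMEM, dklen=32)
    return "$".join(["scrypt", str(n), str(r), str(p), _b64(salt), _b64(digest)])


def verify_password(password, stored):
    """Recompute with the parameters kept in the record; compare in constant time."""
    try:
        scheme, n, r, p, salt, digest = stored.split("$")
        if scheme != "scrypt":
            return False
        expected = base64.b64decode(digest)
        actual = hashlib.scrypt(password.encode(), salt=base64.b64decode(salt),
                                n=int(n), r=int(r), p=int(p),
                                maxmem=MAXMEM, dklen=len(expected))
    except ValueError:           # malformed record, bad base64 or invalid parameters
        return False
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored, n=N, r=R, p=P):
    """True when the record's scheme or cost parameters differ from current policy."""
    return stored.split("$")[:4] != ["scrypt", str(n), str(r), str(p)]
```

Calling `needs_rehash` after a successful login lets old records be re-hashed under the current parameters while the plaintext is still in hand.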