134

Hackers are ready...

Comments
  • 25
    Still takes 85838298474628193636281 years 😆

    Good visualisation of how hard it is to crack sha256
    https://youtu.be/S9JGmA5_unY
  • 11
    @Froot that is true. But most of the people haven't updated the hashes to sha256.
    They are still using sha1 or worse, MD5! XD
  • 9
    @bugHunter True. And they probably also don't salt their hashes to make sure it's easily googled 😆
  • 0
    @Froot Hashcat ftw!
  • 0
    I'm not really into hash algorithms, sooooo... What's your opinion about bcrypt? Also, which one is the most efficient one to use in production in your opinion? (not too slow + still pretty secure = efficient in this context)
  • 5
    @wildcard I use pbkdf2 with 10k iterations. You want the hashing to be just slow enough, if it's too fast it's too weak
  • 0
    @Froot yes, but I'm wondering if it causes performance issues if it's too slow...
    Edit: also thanks for the suggestion, I gotta check that algo out, I've never heard of it!
  • 3
    @Letmecode:
    My only qualm with bcrypt is its max password length issue.

    Some of my users have passwords in excess of 100 characters, and bcrypt simply truncates that input, resulting in... a 92 char password iirc?

    It's still secure _enough_, but. It could be better. Besides, it would be scary for the user if they add garbage to the end (or delete/replace a few trailing chars) and still log in successfully...
  • 1
    Come at me bro I got the sword of sha256 salted bcrypt. That a pretty big dice to roll my bets are on me :)
  • 0
    sha512 ftw
  • 2
    @bugHunter @Froot This is the reason I BCrypt.
  • 0
    I use argon2i FTW
  • 0
    I'm just new to hashing. And I use original blowfish with unique salt. Is it outdated?
  • 1
    @Froot I use sha512 + salt for my password manager.
Add Comment