The guys over at the F-Secure labs posted a great article entitled: Are you sure SHA-1+salt is enough for passwords?. It's quite interesting; anyone who has anything to do with back-end development, particularity anyone who is responsible for storing passwords should read it. It explains that due to the computing power likely available to an attacker using a MD5 or SHA-1 hash on the passwords you store may allow an attacker to brute-force your passwords, even if you have salted them. The article goes on to recommend several more cryptographically sound hashing schemes that can be used instead.
↧