I'm not sure why this question was migrated; there are quite a few questions with valid answers on Stack Overflow about this.
First: use BCrypt-hash, it is the recommended hashing algorithm today.
SHA-256 is a general-purpose hashing algorithm, designed to be fast; you do not want your hashing algorithm to be fast for password hashing.
Second: use a random, evenly distributed, high-entropy salt. I also invite you to read my long answer on salting.
Depending on your programming language/platform, the BCrypt algorithm already creates a salt for you. However, not all implementations do this; PHP for example does not auto create a salt.
If at all possible, don't roll your own script, but use a standard library.
Security tends to be a lot more complicated, and with more invisible screw-up possibilities, than most programmers could tackle alone, so using a standard library is almost always the easiest and most secure (if not the only) available option.
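An added example, not part of the original answer: the advice above applied with PHP's standard library, assuming PHP 7.1 or later, where the built-in `password_hash()` uses bcrypt and generates the salt itself. `BCRYPT_COST` and the helper names are illustrative choices, and the passwords are constructed sample data.

```php
<?php
// Added example: bcrypt via PHP's built-in password API (no hand-rolled crypto).
// BCRYPT_COST is an assumed work factor; tune it to your hardware.
const BCRYPT_COST = 12;

// Hash a new password. password_hash() draws a fresh random salt from the
// OS CSPRNG and embeds algorithm, cost and salt in the returned string,
// so only this one string needs to be stored per user.
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Verify a login attempt. Returns [ok, replacementHash|null]. The second
// element is set when the stored hash was made with different parameters
// and should be re-saved while the plaintext is available.
function check_login(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $upgrade = password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])
        ? hash_new_password($password)
        : null;
    return [true, $upgrade];
}

// Constructed sample data: the same password hashed twice.
$a = hash_new_password('correct horse battery staple');
$b = hash_new_password('correct horse battery staple');
var_dump($a === $b);                                        // salts differ per call
var_dump(check_login('correct horse battery staple', $a)[0]);
var_dump(check_login('wrong guess', $a)[0]);

// A hash created at a lower cost still verifies and is flagged for upgrade.
$old = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok, $new] = check_login('correct horse battery staple', $old);
var_dump($ok, password_get_info($new)['options']['cost']);
```

Because the salt and cost travel inside the hash string, raising `BCRYPT_COST` later requires no schema change; existing users are upgraded on their next successful login.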