Choosing a Hashing Algorithm for Storing Passwords, Updated

This is a video that I made for my YouTube channel but I think it fits perfectly here too!

If you’ve had to store sensitive user information in a database, you’ve probably heeded the advice to “just use bcrypt”. But do you know why? What other choices are there? In this video we take a deep look at bcrypt, pbkdf2, scrypt and argon2!

Understanding hashing algorithms means understanding their resilience against certain kinds of attacks. That resilience is brought about by how difficult it is to calculate the hash. Algorithms like MD5 and SHA-x are all about speed, because that's how they're used! When you commit to Git, a SHA-1 hash is created for you and you certainly don't want to be slowed down.

But when an attacker tries to brute force a rainbow table attack on your stolen data, you want that hashing algo to be damn slow!

In this video we'll take a look at the most popular algorithms, including my new favorite, Argon2.


You need to be logged in to leave a comment.