What is the most secure hash algorithm for passwords?

Question

What is the most secure hash algorithm for passwords?

According to http://php.net/manual/en/function.hash.php there is a php hash method: hash (). It supports all of the methods below, but I am wondering which is the safest method for hashing passwords.

Results: (in microseconds)
   1.  md4                           5307.912
   2.  md5                           6890.058
   3.  crc32b                        7298.946
   4.  crc32                         7561.922
   5.  sha1                          8886.098
   6.  tiger128,3                    11054.992
   7.  haval192,3                    11132.955
   8.  haval224,3                    11160.135
   9.  tiger160,3                    11162.996
  10.  haval160,3                    11242.151
  11.  haval256,3                    11327.981
  12.  tiger192,3                    11630.058
  13.  haval128,3                    11880.874
  14.  tiger192,4                    14776.945
  15.  tiger128,4                    14871.12
  16.  tiger160,4                    14946.937
  17.  haval160,4                    15661.954
  18.  haval192,4                    15717.029
  19.  haval256,4                    15759.944
  20.  adler32                       15796.184
  21.  haval128,4                    15887.022
  22.  haval224,4                    16047.954
  23.  ripemd256                     16245.126
  24.  haval160,5                    17818.927
  25.  haval128,5                    17887.115
  26.  haval224,5                    18085.002
  27.  haval192,5                    18135.07
  28.  haval256,5                    18678.903
  29.  sha256                        19020.08
  30.  ripemd128                     20671.844
  31.  ripemd160                     21853.923
  32.  ripemd320                     22425.889
  33.  sha384                        45102.119
  34.  sha512                        45655.965
  35.  gost                          57237.148
  36.  whirlpool                     64682.96
  37.  snefru                        80352.783
  38.  md2                           705397.844

+3

security php

user2058041 10 Feb At 2:04 am

source to share

2 answers

what is the safest method for hashing passwords

To answer the premise of the question: The absolute safest is likely to be:

First Hardware Security Module , using HMAC with HSM managed private key,
and then hashing with the winner of the Hash Hash Contest once that winner was found and had 5-10 years of real-world exposure and peer review.

Until that time, the safest may be:

HSM as above and
One of the good options for the canonical answer to hashing passwords .

However, realistically hashing passwords is not a major problem, and simply hashing with any of the "good" solutions will be more than enough. Good solutions:

BCrypt,
PBKDF2 with HMAC with SHA256 (or 512).
And many people consider SCrypt to be a strong choice as well, although some consider it a little young.

For both of the above, you shouldn't be rolling back your own composition. You should always use a mature, well tested and proven library designed for long term storage of passwords. Hashing passwords isn't just about using BCrypt or PBKDF2, you need composition with sensible defaults for character encodings, salts, iteration cost factors, etc.

0

Jesper mortensen 09 dec. 13 at 19:13

source to share

SLaks · Accepted Answer · 2013-02-10T02:08:24+0000

None of the above.

You must use bcrypt .

What is the most secure hash algorithm for passwords?

None of the above.

More articles: