What is the strongest hashing algorithm commonly available today?

5

11

I'm building a web application and would like to use the strongest hashing algorithm possible for passwords. What are the differences, if any, between sha512, whirlpool, ripemd160 and tiger192,4? Which one would be considered cryptographically stronger?

Celebrated answered 8/10, 2008 at 18:16 Comment(2)
Define what you mean by "strongest". – Pomona
I usually think of the resources required to find an input that hashes to a given value. – Appellative
14

bCrypt - Why would be a very long explanation, for which I recommend Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes

Basically, it's secure, it's slow, it's already implemented.

Smalltime answered 8/10, 2008 at 18:20 Comment(1)
bcrypt is not really a hashing algorithm, it's a technique that uses other hashing algorithms. – Gunpaper
3

If you are actually concerned about the security of your system (as opposed to the quite academic strength of algorithms) then you should go with a proven and mature implementation instead of nitpicking algorithms.

I would recommend Ulrich Drepper's SHA-crypt implementation. This implementation uses SHA-512, a 16 character long salt, is peer reviewed and scheduled to go into all major Linux distributions via glibc 2.7.


P.S.: Once you have reached this level of security, you'll be visited by the black helicopters anyways.

Ostentation answered 8/10, 2008 at 18:48 Comment(0)
2

David, those are all plenty strong functions. Even the much-ballyhooed MD5 collisions are not of the password-cracking variety, they just generate two different strings with the same MD5 (a very different proposition from finding a string that generates a given MD5 value).

If you are concerned about the security of the passwords, you need to worry about the protocols used to store them, the protocols used to recover passwords forgotten by users, and all the other possible avenues of attack. Those options are used far more often to crack passwords than brute-force cryptanalysis.

Do use a salt, though.

But first read the article AviewAnew posted.

Lectra answered 8/10, 2008 at 18:30 Comment(0)
0

Here's a good post on Coding Horror about storing passwords. In short, he suggests bcrypt or SHA-2 with a random unique salt.

Auschwitz answered 8/10, 2008 at 18:26 Comment(0)
0

MD5 and SHA are the two most popular hashing algorithms. SHA-256 uses a 256-bit hash, whereas MD5 produces a 128-bit hash value. So, SHA-256 should be a good choice as it is the strongest hashing algorithm. You can find some useful cases here -> https://codesigningstore.com/what-is-the-best-hashing-algorithm

Washburn answered 8/4, 2022 at 6:53 Comment(0)
