Switch password hashing over to bcrypt - Githubissues

stevenleeg / gobb

A simple and fast bulletin board written in Go.

Other

130 stars 26 forks source link

Switch password hashing over to bcrypt #25

Open stevenleeg opened 10 years ago

matrixik commented 10 years ago

Or even better: use scrypt

stevenleeg commented 10 years ago

@matrixik what makes scrypt better?

matrixik commented 10 years ago

I will leave this for better than me: http://www.reddit.com/r/PHP/comments/1c210u/opinions_on_password_safetybcryptscryptpbkdf2/c9d8pi5 https://github.com/freedomofpress/securedrop/issues/51 http://security.stackexchange.com/a/49198

As a bonus: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet