DEV Community

manu
manu

Posted on • Updated on

what algorithm do you use to store your passwords?

Yes, technically, you should be using Argon2 or Bcrypt or PBKDF2.

Argon2 is actually really secure.

​Argon2 is modern ASIC-resistant and GPU-resistant secure key derivation function. It has better password cracking resistance (when configured correctly) than PBKDF2, Bcrypt and Scrypt (for similar configuration parameters for CPU and RAM usage).

If anyone here uses md5, sha512, sha256, or any weird hashing algorithms, I'll be upset.

This was me when i started PHP:

$password = md5(md5(md5(md5($_GET['password']))));
Enter fullscreen mode Exit fullscreen mode

The correct way:

$password = password_hash($_POST["password"], PASSWORD_ARGON2I);
Enter fullscreen mode Exit fullscreen mode

Top comments (2)

Collapse
 
emindeniz99 profile image
Emin Deniz

Do you consider salted hashing to prevent rainbow table attack or something?

Collapse
 
emindeniz99 profile image
Emin Deniz

:) I saw that argon2 has a default salt generator. php.net/manual/en/function.passwor...