I'd like to add a fifth approach: use an algorithm designed for passwords, like bcrypt, which takes care of salting for you, but it's also more computationally expensive with configurable complexity. I think bcrypt is still the default in Rails.
Using a single round of SHA-256 with all the existing hashing hardware acceleration (thanks Bitcoin!) isn't much secure nowadays.
You're right, I should have mentioned the bcrypt approach. My goal in these articles is to show the reader how the theory behind all the library magic works, to make understanding the principles easier. Thanks for the heads up!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I'd like to add a fifth approach: use an algorithm designed for passwords, like bcrypt, which takes care of salting for you, but it's also more computationally expensive with configurable complexity. I think bcrypt is still the default in Rails.
Using a single round of SHA-256 with all the existing hashing hardware acceleration (thanks Bitcoin!) isn't much secure nowadays.
You're right, I should have mentioned the bcrypt approach. My goal in these articles is to show the reader how the theory behind all the library magic works, to make understanding the principles easier. Thanks for the heads up!