Secure Password Storage-pbkdf2, bcrypt, and scrypt

The password is stored in one-way hash to ensure the security of the user's password after the database is detached.

Because of the existence of the rainbow table attack method, it is generally considered that one-way algorithms such as MD5 and sha1 are not secure enough. So how to select an appropriate encryption algorithm?

The following describes several high-strength unidirectional hash algorithms in the industry and compares their advantages and disadvantages.

Pbkdf2

Pbkdf2 is a simple algorithm that performs n HMAC operations based on the 'iteration' parameter.

HW Database Password Storage of the minimum security requirements is, 1000 HMAC-SHA256 computing, recommended is 10 thousand times. Of course, when the minimum requirements are met, the performance requirements should be considered comprehensively when appropriate.

It is still relatively easy to use a GPU array or FPGA to crack pbkdf2. Note that this is relative, in order to compare the other two algorithms mentioned later.

Bcrypt

Bcrypt was invented in 1999. Because GPU and FPGA cracking is based on their parallel computing advantages over CPU, the bcrypt algorithm is not only designed to be CPU intensive, but also memory Io intensive.

However, with the time migration, the new FPGA has already integrated a large amount of RAM (type CPU cache, about dozens of megabytes), solving the problem of Memory Intensive Io.

Scrypt

Scrypt was created in 2009, making up for the shortcomings of bcrypt. It increases the CPU computing and memory usage overhead by a level, which not only requires time overhead, but also memory I/O overhead.

 

From the scrypt algorithm paper, we roughly estimated the time required to crack each of the above algorithms.

Secure Password Storage-pbkdf2, bcrypt, and scrypt