Secure Password Storage-pbkdf2, bcrypt, and scrypt

Source: Internet
Author: User
Tags hmac scrypt

The password is stored in one-way hash to ensure the security of the user's password after the database is detached.

Because of the existence of the rainbow table attack method, it is generally considered that one-way algorithms such as MD5 and sha1 are not secure enough. So how to select an appropriate encryption algorithm?

The following describes several high-strength unidirectional hash algorithms in the industry and compares their advantages and disadvantages.

Pbkdf2

Pbkdf2 is a simple algorithm that performs n HMAC operations based on the 'iteration' parameter.

HW Database Password Storage of the minimum security requirements is, 1000 HMAC-SHA256 computing, recommended is 10 thousand times. Of course, when the minimum requirements are met, the performance requirements should be considered comprehensively when appropriate.

It is still relatively easy to use a GPU array or FPGA to crack pbkdf2. Note that this is relative, in order to compare the other two algorithms mentioned later.

Bcrypt

Bcrypt was invented in 1999. Because GPU and FPGA cracking is based on their parallel computing advantages over CPU, the bcrypt algorithm is not only designed to be CPU intensive, but also memory Io intensive.

However, with the time migration, the new FPGA has already integrated a large amount of RAM (type CPU cache, about dozens of megabytes), solving the problem of Memory Intensive Io.

Scrypt

Scrypt was created in 2009, making up for the shortcomings of bcrypt. It increases the CPU computing and memory usage overhead by a level, which not only requires time overhead, but also memory I/O overhead.

 

From the scrypt algorithm paper, we roughly estimated the time required to crack each of the above algorithms.

Secure Password Storage-pbkdf2, bcrypt, and scrypt

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.