Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’ve been reading Stack Overflow questions for about 15 minutes now and every single one seems to contradict the previous one I read. Bcrypt, SHA1, MD5, and so on. I currently MD5 my passwords, but I want to make my database more secure in case of a breach.
I know this has been asked a million times, but I can’t seem to find a decent answer anywhere else.
Thanks.
The reason you see contradictory answers is because there is no right one. You should use the most secure method that your application can support. More secure = more overhead.
MD5 has been broken and cracked.
According to this article, SHA1 is broken. However it has not yet been cracked.
bcrypt has not (to the best of my knowledge) been found to be broken.
Given enough CPU cycles, any hashing or encryption algorithm can eventually be circumvented. Your decision should balance the security of your data with the performance of your application.
Given those caveats, bcrypt is the defacto standard at this time. It is designed for strength, not speed, and is not known to be broken. For an index of information about bcrypt, see the bcrypt article on Wikipedia.