Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm not familiar with iterations, anybody care to clue me in? I would have thought salted sha-1 would be decent for password hashing, though not the most solid possible, but at least not laughable. Is that not the case?


It is not. Sha1 is designed to be fast. You want your password hash function to be slow, so that an attacker has to spend as much resources as possible to brute force it.

Of course, it does not mean you should take a slow implementation of a fast hash. You need a hash that, when implemented to be as fast as possible, still is pretty slow.


good to know, thanks




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: