
SHA Is Not a Suitable Algorithm for Securing Passwords.

Open bookercodes opened this issue 9 years ago • 2 comments

Here it looks like you are using SHA to hash passwords.

It is my understanding SHA is not a suitable algorithm for securing passwords.

According to OWASP (and indeed, many other security resources), bcrypt or PBKDF2 should be used instead.

Nov 24 '15 12:11 bookercodes
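
The contrast raised in the issue, as an added example that is not part of the original thread or the project's code: an unsalted SHA-256 digest next to salted PBKDF2 from Node's built-in `crypto` module. The function names, the record format and the iteration count are assumptions made for this illustration.

```javascript
const crypto = require('node:crypto');

// Weak: one unsalted pass of a fast hash. Equal passwords give equal digests,
// and each guess costs an attacker only a single hash computation.
function sha256Hex(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// Assumed parameters for this example; tune the iteration count to your hardware.
const ITERATIONS = 600000;
const KEY_LEN = 32;
const DIGEST = 'sha256';

// Returns a self-describing record: pbkdf2$<digest>$<iterations>$<salt>$<key>
// Storing the parameters lets the work factor be raised later without
// invalidating existing records.
function hashPassword(password) {
  const salt = crypto.randomBytes(16); // unique per password
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, DIGEST);
  return ['pbkdf2', DIGEST, ITERATIONS,
          salt.toString('base64'), key.toString('base64')].join('$');
}

// Recomputes the key with the stored salt and parameters, then compares in
// constant time. Malformed records are rejected rather than throwing.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return false;
  const [, digest, iterStr, saltB64, keyB64] = parts;
  const iterations = Number.parseInt(iterStr, 10);
  if (digest !== DIGEST || !Number.isInteger(iterations) || iterations < 1) {
    return false;
  }
  const salt = Buffer.from(saltB64, 'base64');
  const expected = Buffer.from(keyB64, 'base64');
  if (expected.length === 0) return false;
  const actual = crypto.pbkdf2Sync(password, salt, iterations,
                                   expected.length, digest);
  return crypto.timingSafeEqual(actual, expected);
}
```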

Argon2 would be a better candidate than bcrypt or PBKDF2.

Nov 24 '15 13:11 mozfreddyb

@mozfreddyb,

Are you sure?

I cannot find any Node modules for Argon2, let alone one that is tried and true like node.bcrypt.js.

Nov 24 '15 15:11 bookercodes