## Comment Sustainable password hashing (Score 1, Informative) 77

I'm tooting my own horn, but you might find my article on long-term password hashing strategies helpful:

https://medium.com/@uther_bendragon/sustainable-password-hashing-8c6bd5de3844

TL;DR version:

1) Use a one-way collision-resistant algorithm developed by professional cryptographers, and the implementation of which has been adequately studied and understood;

2) Do not use an algorithm with known vulnerabilities (this obvious step is sometimes not followed);

3) Use randomly-generated data—salt as additional input to the algorithm to minimize vulnerability to rainbow/lookup table attacks. The salt should be generated from a Cryptographically Secure Pseudo-Random Number Generator;

4) Use a long salt, preferably as long as the output of the hash function;

5) Use an adaptive hashing algorithm—that is to say, an algorithm with a configurable number of encryption iterations to slow attackers (a.k.a. key stretching). The number of iterations can be tuned as the speed of available hardware increases to keep the resulting hash secure. Such choices include PBKDF2, bcrypt and now scrypt.

6) At at some point you will need to change your hashing function, in fact, probably many times. So store the algorithm along with the hash e.g. ALG:HASH:SALT

7) secure legacy hashes by wrapping the obsolete hash with a new one e.g. encrypt the md5 hash of the guy who hasn't logged in for years in your new hashing algorithm and store it with a token like md5|pbkdf2:hash:salt