Collaborate Disseminate
Edit: Updated to put more emphasis on the goal – peace of mind for the user, and not beefing up the security.
After reading through a few discussions here about client side hashing of passwords, I’m still wondering whether it might be OK … Continue reading Client side password hashing
I can’t find a way of specifying the hashing algorithm used by the PBKDF2 (the Rfc2898DeriveBytes class) implementation in C# System.Security.Cryptography.
It seems to be just SHA1. Am I missing something? I was hoping to use PBKDF2-SHA25… Continue reading Is PBKDF2 only SHA1 in C#?
When creating a hash with PBKDF2, it allows the developer to choose the size of the hash. Is longer always better? Also, what about the size of the random salt? Should that be the same size as the hash?
EDIT: Particularly in… Continue reading With PBKDF2, what is an optimal Hash size in bytes? What about the size of the salt?
I’m looking at two comparable pieces of software which encrypt data on disk using a passphrase. One uses PBKDF2 to generate the encryption key from a passphrase, while the other uses two rounds of SHA256. What’s the differenc… Continue reading What’s the advantage of using PBKDF2 vs SHA256 to generate an AES encryption key from a passphrase?
I just wanted to know if you can increase the cost (iterations) of those two algorithms off-line.
I want to increase the cost every year of my users passwords.
One solution is to recalculate them when the user logs in, but a user may have … Continue reading Is it possible to increase the cost of BCrypt or PBKDF2 when its already calculated and without the original password?
We hesitated between BCrypt and PBKDF2 for password hashing. In many forums and blogs people say something like “In their Special Publication SP 800-132 NIST basically recommends using PBKDF2 for password hashing.”
This may be a very imp… Continue reading Does NIST really recommend PBKDF2 for password hashing?
I’m curious if anyone has any advice or points of reference when it comes to determining how many iterations is ‘good enough’ when using PBKDF2 (specifically with SHA-256). Certainly, ‘good enough’ is subjective and hard to define, varies … Continue reading Recommended # of iterations when using PBKDF2-SHA256?