Is there any recommended approach for "upgrading" MD5 hashes to something secure? [duplicate]
This question already has an answer here:
Should passwords be automatically reset when the underlying method changes
6 answers
Collaborate Disseminate
Since slower is better and key stretching is an awesome way to increase security over potentially low entropy passwords, doesn’t it make sense to use all three?
To be clear, this is about implementing a key stretching archit… Continue reading Isn’t using pbkdf2 + scrypt + bcrypt best?
For a long time hash functions have required a work-factor in order to keep the operation “slow” enough to protect individual passwords in the case of a database leak. Bcrypt and PBKDF2 being notable examples.
I’m also aware of the “Don’… Continue reading Incrementing Work-Factor of Hash Functions Over Time
I use PBKDF2 with SHA-256 to store hashes of passwords. I use the following parameters:
number of iterations desired = 1024
length of the salt in bytes = 16
length of the derived key in bytes = 4096
But recently I fou… Continue reading Parameters for PBKDF2 for password hashing
I am wanting to secure some highly sensitive data in a database. This would mean that the data needs to be encrypted and remain secure for 100 years if it were to fall into adversary hands. I also want to limit the amount of … Continue reading Database row level encryption scheme
I am coding up the security for a website in express.js and postgresql database. Now I have been reading about salting and hashing and I have the code set up with pbkdf2 using the crypto module, but my issue is how I will str… Continue reading Login details security using salt and hash, and a login role in postgresql
I have some secure data created in my client app which I wish to store on the server as backup for the user.
The user already has a password to authenticate with the server. The password is never sent to the server (I use SRP6 to authenti… Continue reading How to safely use a Key Derivation Function to secure private data – need guidance
If my true passphrase is used only to generate a hash which is used as the cipher’s actual key, doesn’t that mean it’s possible to try and brute force the cipher itself? I know it would take an impossibly long time either way… Continue reading At what point does adding more iterations to PBKDF2 provide no extra security?
The LastPass password manager stores One Time Recovery Passwords locally in each browser you use the plugin with:
http://helpdesk.lastpass.com/account-recovery/
My question is, how can you have more than one password?
I th… Continue reading LastPass One Time Recovery Passwords–How?
From this question, the OP posited taking a user’s entered password, running it through BCrypt, then running that through SHA256 to produce a 256-bit password-derived key. (EDIT: To clarify, these two options are considered a… Continue reading BCrypt+SHA256 vs PBKDF2-SHA256