
Ways to Encrypt Password on Server

Background:
The history of storing passwords on a server runs from plain text, to MD5, SHA-1 and SHA-2, to adding salt/pepper/multi-hashing, to bcrypt/Argon2id and so on.

Best way so far to encrypt passwords on the server:
Use bcrypt (unless you have specific reasons not to), set a reasonable work factor (n, which means hashing 2^n times), and use salt/pepper.

MD5 and SHA-1/2/3 turn input of any length into a fixed-length string using a carefully designed hash function. However, MD5 and SHA-1 have been proven breakable.
Hash Functions: The MD5 Algorithm
Hash Functions: The SHA Family

What is salting?
A salt is a unique, random string that is added to each password when hashing. Each salt is unique to the user.
Modern hashing algorithms automatically add a salt to your password, which makes it harder to decode.
Password Encryption and Storage Techniques Explained (Password Storage Cheat Sheet)

What is bcrypt?
It's a one-way hashing algorithm.
Four parameters: myPW (plain-text string), salt (128-bit random string, 22 bytes), saltRound (default: 10; this is like a work factor, but we do (add salt + hash) 10 times).
This is way better than MD5, because the output length of bcrypt is 60 and that of MD5 is 32.
A New Understanding of Bcrypt Encryption
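
The fields described above can be read back out of a stored bcrypt string, which is how a server decides whether an old record needs a stronger work factor. The following is an added example, not code from the original page: the function names, the min_cost default of 12 and both sample strings are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest> = 60 chars.
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

@dataclass(frozen=True)
class BcryptHash:
    version: str
    cost: int     # work factor n
    salt: str     # 22 chars x 6 bits, carries the 128-bit salt
    digest: str

    @property
    def rounds(self) -> int:
        return 2 ** self.cost   # work factor n means 2^n rounds

def parse_bcrypt(stored: str) -> BcryptHash:
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:     # cost range bcrypt accepts
        raise ValueError(f"cost {cost} outside 4..31")
    return BcryptHash(m.group(1), cost, m.group(3), m.group(4))

def needs_rehash(stored: str, min_cost: int = 12) -> bool:
    """True if the record should be re-hashed at the user's next successful login."""
    try:
        return parse_bcrypt(stored).cost < min_cost
    except ValueError:
        return True   # legacy format, such as a 32-char hex MD5 digest

# Constructed samples (not hashes of any real password).
SAMPLE_BCRYPT = "$2b$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_MD5 = "0" * 32

if __name__ == "__main__":
    h = parse_bcrypt(SAMPLE_BCRYPT)
    print(len(SAMPLE_BCRYPT), h.version, h.cost, h.rounds, len(h.salt))
    print(needs_rehash(SAMPLE_BCRYPT), needs_rehash(SAMPLE_MD5))
```

Because the salt and cost travel inside the stored string, verification needs no separate salt column, and the work factor can be raised over time by re-hashing at login whenever needs_rehash returns True.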

