5

What is the most secure one way encryption algorithm to encrypt passwords?

MD5 and SHA (1..512) are frequently used, but they are designed for speed what is bad for preventing brute force attacks on encrypted passwords.

The algorithm shouldn't be too exotic, so that it can be used with common programming languages / runtimes like Java, .NET or Python.

deamon
  • 89,107
  • 111
  • 320
  • 448
  • 1
    Whatever the method, you need a good salt. SHA is good enough I think, on such small datasets as a password, the hash method won't matter that much. – Prof. Falken Aug 02 '11 at 11:54
  • 4
    NB: MD5 and SHA are *not* encryption algorithms, but *hash* algorithms. IIRC at least MD5 is known to be vulnerable to dictionary attacks. – Thorsten Dittmar Aug 02 '11 at 11:59
  • 2
    This is actually a duplicate of the earlier question on security.SE: http://security.stackexchange.com/q/4789/485 - I propose a migrate and close as duplicate. – Rory Alsop Aug 02 '11 at 14:27
  • @Thorsten: Any hash algorithm is about equally subject to dictionary attacks (a dictionary is based on password choices, not the hash algorithm proper). There is a collision attack on MD5 that affects some uses (e.g., digital signatures) but not passwords. At the same time, the existence of the collision attack indicates enough weakness that it's generally better to avoid MD5 in general (except, possibly, things like verifying file transfers where there's no attacker). – Jerry Coffin Aug 03 '11 at 03:25
  • "One way encryption" is called a "hash". Upvoting only because anyone else looking for the correct term will be helped to find it. – Ian Boyd Oct 07 '11 at 14:14

3 Answers3

9

BCrypt or SCrypt. Why? because they where designed to be slow instead of fast.

see also: How to securely hash passwords? on security.stackexchange.com

Community
  • 1
  • 1
Jacco
  • 23,534
  • 17
  • 88
  • 105
  • 1
    There is some discussion about the use of PBKDF2 for password verifiers: [Is PBKDF2-based System.Cryptology.RFC2898DeriveBytes() “better” for Unicode Password hashing than traditional methods?](http://security.stackexchange.com/questions/2051/is-pbkdf2-based-system-cryptology-rfc2898derivebytes-better-for-unicode-passw/2056#2056) and [Which password hashing method should I use?](http://security.stackexchange.com/questions/5605/which-password-hashing-method-should-i-use). – Jacco Aug 02 '11 at 12:26
2

Hashing alone won't save you, as can be read in other posts on the topic.

bcrypt and scrypt are indeed good choices, but they're not supported out of the box by most languages. Although it really shouldn't be a problem to find a library that supports them. In addition to these two, you could use password-based encryption (PBE) as described in PKCS#5, ideally with PBKDF2. There should be built-in support for PBE almost anywhere.

emboss
  • 38,880
  • 7
  • 101
  • 108
  • 1
    Bcrypt may be hard to find out-of-the-box, but it is implemented for Ruby, Python, .NET & Mono, Java, Perl, PHP, and Erlang at least - see the initial (undifferentiated) links at [How To Safely Store A Password | codahale.com](http://codahale.com/how-to-safely-store-a-password/) – nealmcb Aug 02 '11 at 17:44
1

People are using BCrypt, a cryptography method, because it's very slow.

See: http://codahale.com/how-to-safely-store-a-password/ and http://www.openwall.com/crypt/

Also take a look at this question: https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage

SHA512 vs. Blowfish and Bcrypt

https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords

Community
  • 1
  • 1
woliveirajr
  • 9,433
  • 1
  • 39
  • 49
  • 2
    Hashing thousands of times is still [not really to be recommended](http://stackoverflow.com/questions/6869129/encryptingmd5-multiple-times-can-improve-security/6877004#6877004) over bcrypt, scrypt or PBE. – emboss Aug 02 '11 at 12:16