swombat.com

daily articles for founders

How to safely store a password  

Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

Well, at least it's clear.

Bcrypt is better because hashes like MD5 or SHA* are designed to be very quick, and so they can be cracked by simple brute-force attacks, even when you include a salt.
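To make the point concrete, here is an added example (not code from swombat.com or from the linked HN discussion). It uses only the Python standard library: PBKDF2-HMAC-SHA256 via `hashlib.pbkdf2_hmac` stands in for bcrypt because it has the same security-relevant property, an adjustable work factor that the defender chooses, while real bcrypt needs the third-party `bcrypt` package (`bcrypt.hashpw` / `bcrypt.checkpw`). The password, salt size and cost value are constructed demo values. The block stores a per-user salt plus the cost alongside the hash, verifies a login in constant time, flags records whose cost has become stale, and measures how many guesses per second a single core gets against a plain salted SHA-256 versus the slow hash.

```python
"""Fast salted hash vs. slow, tunable hash for password storage.

Added example, not the post's code. PBKDF2-HMAC-SHA256 (standard library)
stands in for bcrypt: both make every guess cost a defender-chosen amount
of work, which is the property a bare salted SHA-256 lacks.
"""
import hashlib
import hmac
import os
import time

DEMO_PASSWORD = "letmein"  # constructed, deliberately weak
DEFAULT_COST = 100_000     # PBKDF2 iterations; bcrypt expresses cost as log2(rounds) instead


def salted_sha256(password: str, salt: bytes) -> bytes:
    """The scheme the post warns about: one SHA-256 over salt + password.
    The salt defeats precomputed tables but does nothing about speed."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def slow_hash(password: str, salt: bytes, cost: int) -> bytes:
    """Stand-in for bcrypt: each guess costs `cost` HMAC iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, cost)


def create_record(password: str, cost: int = DEFAULT_COST) -> dict:
    """What gets stored per user: random salt, the cost used, and the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "cost": cost, "hash": slow_hash(password, salt, cost)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    candidate = slow_hash(password, record["salt"], record["cost"])
    return hmac.compare_digest(candidate, record["hash"])


def needs_rehash(record: dict, current_cost: int = DEFAULT_COST) -> bool:
    """Because the cost is stored with the hash, it can be raised as hardware
    gets faster: rehash on the next successful login when the stored cost is stale."""
    return record["cost"] < current_cost


def guesses_per_second(hash_fn, salt: bytes, trials: int) -> float:
    """Throughput one CPU core gets when guessing against a leaked salt+hash."""
    start = time.perf_counter()
    for i in range(trials):
        hash_fn(f"guess{i}", salt)
    return trials / (time.perf_counter() - start)


def compare_rates(cost: int = DEFAULT_COST) -> dict:
    """Measure both schemes on this machine and return the slowdown factor."""
    salt = os.urandom(16)
    fast = guesses_per_second(salted_sha256, salt, 20_000)
    slow = guesses_per_second(lambda p, s: slow_hash(p, s, cost), salt, 5)
    return {"salted_sha256_per_s": fast, "slow_hash_per_s": slow, "slowdown": fast / slow}


if __name__ == "__main__":
    rec = create_record(DEMO_PASSWORD)
    print("correct password accepted:", verify(DEMO_PASSWORD, rec))
    print("wrong password accepted:  ", verify("hunter2", rec))
    print("needs rehash at cost 200k:", needs_rehash(rec, 200_000))
    rates = compare_rates()
    print(f"salted SHA-256:            {rates['salted_sha256_per_s']:,.0f} guesses/s")
    print(f"PBKDF2 cost={DEFAULT_COST}: {rates['slow_hash_per_s']:,.1f} guesses/s")
    print(f"each guess costs the attacker {rates['slowdown']:,.0f}x more")
```

The numbers printed depend on the machine, but the ratio is the lesson: the salt does not change how fast a guess can be checked, only the work factor does, and because the work factor is stored with the record it can be raised later without touching the rest of the application.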

This comment on HN is also very informative, especially if you don't know what I'm talking about, as is the rest of the discussion, in fact.

Why is this relevant? Because password hashing is something that almost every web application has to do. And most web applications use salted hashes. And, as the recent Gawker débâcle showed, that is not secure.
