swombat.com

daily articles for founders

How to safely store a password  

Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

Well, at least it's clear.

Bcrypt is better because hashes like MD5 or SHA* are designed to be very quick, and so they can be cracked by simple brute-force attacks, even when you include a salt.

This comment on HN is also very informative, especially if you don't know what I'm talking about, as is the rest of the discussion, in fact.

Why is this relevant? Because password hashing is something that almost every web application has to do. And most web applications use salted hashes. And, as the recent Gawker débacle showed, that is not secure.
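To make the cost gap concrete, here is an added example (not code from the original post) that times a single salted SHA-256 pass against a deliberately slow hash and stores a password with the slow one. Assumptions: bcrypt itself needs a third-party package, so the standard library's PBKDF2-HMAC-SHA256 stands in for it here as the tunable-cost hash; the function names, the record format and the iteration count are illustrative.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; raise it as hardware gets faster


def fast_salted_hash(password: str, salt: bytes) -> bytes:
    """The pattern the post warns about: one salted pass of a fast hash."""
    return hashlib.sha256(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stand-in for bcrypt: PBKDF2-HMAC-SHA256 with a tunable cost."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_password(password: str) -> str:
    """Return a record holding the cost, a fresh random salt and the digest."""
    salt = os.urandom(16)
    return f"{ITERATIONS}${salt.hex()}${slow_hash(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored cost and salt; compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = slow_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_per_hash(hash_fn, rounds: int) -> float:
    """Average wall-clock cost of one hash call over `rounds` inputs."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"guess{i}", salt)
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times more expensive one slow hash is than one fast hash."""
    return seconds_per_hash(slow_hash, 3) / seconds_per_hash(fast_salted_hash, 20_000)


if __name__ == "__main__":
    record = store_password("correct horse battery staple")  # constructed sample
    print("stored record:", record)
    print("verifies:", verify_password("correct horse battery staple", record))
    print(f"slow hash costs about {cost_ratio():,.0f}x a salted SHA-256 pass")
```

The salt makes every stored record unique, but it does nothing to the per-guess cost; only the work factor does, which is the property bcrypt provides.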
