swombat.com

daily articles for founders

Running a startup in the UK (or with a UK subsidiary)? Get in touch with my company, GrantTree. We help with government funding.
How to safely store a password  

Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

Well, at least it's clear.

Bcrypt is better because hashes like MD5 or SHA* are designed to be very quick, and so they can be cracked by simple brute-force attacks, even when you include a salt.

This comment on HN is also very informative, especially if you don't know what I'm talking about, as is the rest of the discussion, in fact.

Why is this relevant? Because password hashing is something that almost every web application has to do. And most web applications use salted hashes. And, as the recent Gawker débacle showed, that is not secure.

More from the library:
Hand to wannabe "product guys"
When to sell your company
Frighteningly ambitious startup ideas