9/16/2023

Change Facebook password

We're going to use PBKDF2 HMAC-SHA-256 with an 8-byte salt; we're discussing what hashing schema to use. I'm asking if something like it makes sense now in 2018.

The only part that should be replicated from the Facebook solution is using a memory-hard function and the cryptoservice peppering. The MD5 and HMAC parts don't add to security.

Using a binding to the official native optimized implementation of Argon2. Refer to the Argon2 spec's "Recommended parameters" section for how to choose parameters. The choice between Argon2d, Argon2i, and Argon2id may be up for debate. The current official recommendation is Argon2i for people that don't know which one to choose.

Update your software so you can choose 1.

Protecting encrypted data using a password and can't use Argon2? Use a binding to a native optimized scrypt implementation. Set the single cost parameter high enough to use a lot of RAM and time. If it seems safe to reduce the time scrypt runs then reconsider.

Protecting a few passwords, can't use Argon2, and can tolerate slow responses? Use scrypt with the same cost parameters as 4. If you're trying to protect admin accounts then prioritize using very strong passwords and encryption first.

Protecting many users' account passwords and can't use Argon2? Use a library that uses a binding to native optimized bcrypt. Make sure the library correctly works around all of the original bcrypt algorithm's quirks. (The password will get truncated if it's too long or contains a null character.)

Use a binding to native optimized PBKDF2. Don't use a derived key length greater than the underlying hash function's output length.

Don't implement your own password hashing function. And especially don't run that implementation in an interpreter where it will be much slower.

Update! As for whether the Facebook method is security by obscurity. But the HMAC parts and probably the MD5 part are redundant. The cryptoservice part probably uses an HSM. This should allow password hashes to be encrypted/decrypted without necessarily exposing the encryption key to the type of hackers that can steal a password-hash-database.
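The combination the text says is worth keeping, a memory-hard function followed by a pepper applied by a separate key-holding service, shown as an added example (not code from the original page or from Facebook). The `PepperService` class, the HMAC-SHA-256 pepper step, the 16-byte salt and the scrypt cost values are assumptions chosen for illustration; Python's standard-library `hashlib.scrypt` stands in for a native scrypt binding.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for illustration: N=2**14, r=8 needs about 16 MiB per hash.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)


class PepperService:
    """Hypothetical stand-in for the cryptoservice; in production the key stays in an HSM."""

    def __init__(self, key: bytes):
        self._key = key

    def apply(self, digest: bytes) -> bytes:
        # Keyed step: without this key, stored values cannot be recomputed offline.
        return hmac.new(self._key, digest, hashlib.sha256).digest()


def hash_password(password: str, service: PepperService, salt: bytes = b""):
    """Return (salt, stored_value); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    stretched = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, service.apply(stretched)


def verify_password(password: str, salt: bytes, stored: bytes, service: PepperService) -> bool:
    _, candidate = hash_password(password, service, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def demo():
    """Constructed scenario: the password table is dumped but the service key is not."""
    pw = "correct horse battery staple"  # constructed sample password
    real = PepperService(os.urandom(32))
    salt, stored = hash_password(pw, real)
    other = PepperService(os.urandom(32))  # anyone holding only the table lacks the real key
    return {
        "right_password": verify_password(pw, salt, stored, real),
        "wrong_password": verify_password("Tr0ub4dor&3", salt, stored, real),
        "right_password_wrong_key": verify_password(pw, salt, stored, other),
    }


if __name__ == "__main__":
    print(demo())
```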