What’s the Best Hashing Algorithm for Storing Passwords?

3 years ago | YouTube
Most people will default to bcrypt when choosing a hashing algorithm for storing sensitive information - but why? Are there other choices? Indeed! In this video we'll take a look at scrypt, PBKDF2 and my favorite: argon2

If you’ve had to store sensitive user information in a database, you’ve probably heeded the advice to “just use bcrypt”. But do you know why? What other choices are there? In this video we take a deep look at bcrypt, pbkdf2, scrypt and argon2!

Crypto is a major weakness of mine and a subject I’ve put off learning about for ages. I’ve spent a few months with it now and it’s so much fun to learn about – specifically hashing. Here’s what I founMost developers just let their authentication library (or service) dictate which hashing algorithm to use, and normally that’s just fine. Well… until you get hacked and lose your user’s sensitive data.

Understanding hashing algorithms means understanding their resilience against certain kinds of attacks. That resilience is brought about by how difficult it is to calculate the hash. Algorithms like MD5 and SHA-x are all about speed, because that’s how they’re used! When you commit to Git, a SHA-1 hash is created for you and you certainly don’t want to be slowed down.

But when an attacker tries to brute force a rainbow table attack on your stolen data, you want that hashing algo to be damn slow!

In this video we’ll take a look at the most popular algorithms, including my new favorite, Argon2.

Have some thoughts? You can always reply to this post (if you're receiving as a newsletter) or shoot me an email at rob@conery.io. If the conversation is a good one, I would love to add it here, with your permsission, of course. Otherwise, you can always take it to HackerNews.

There's More...

👹 The Wrath of the Junior Developer
👹 The Wrath of the Junior Developer

There are a lot of opinions about AI, whether it helps or hinders our coding process and our team in general. Many are concerned that junior devs will be the ones impacted the most.

Following Your Imagination
Following Your Imagination

I learned to play ice hockey when I was 11 and, as a kid from Southern California, it wasn't easy. I learned how to skate and how to play the game at the same time, all while going through a massive growth spurt. My sister once called me a "baby giraffe on a frozen lake". Nice.

It wasn't what you said, but how you said it
It wasn't what you said, but how you said it

I make videos for a living and I swear: each one is an adventure. You would think I would have a system down by now but, as it turns out, each video is a unique thing that demands it's own type of story telling.