tags:

views:

523

answers:

5
+2  Q: 

What is the strongest hashing algorithm commonly available today?

I'm building a web application and would like to use the strongest hashing algorithm possible for passwords. What are the differences, if any, between sha512, whirlpool, ripemd160 and tiger192,4? Which one would be considered cryptographically stronger?

+4  A: 

bCrypt - Why would be a very long explanation, for which I recommend Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes

Basically, it's secure, it's slow, it's already implemented.

Tom Ritter  2008-10-08 18:20:57
A: 

Mathematically, no idea. Though, I suppose, the general rule is the longer the final hash, the better -- assuming you can store the difference over a smaller hash.

Determining collisions is also helpful. And, with that, I'd say your choice of the algorithms you listed.

Jonathan Lonowski  2008-10-08 18:21:22
"the general rule is the longer the final hash, the better". That's very faulty reasoning. I could hash may password as "drowssap" with a zillion random characters after it -- that's a very poor hash. Strength is better determined by the computational complexity.
TrickyNixon  2008-10-08 18:37:58
A: 

Here's a good post on coding horror about storing passwords. In short, he suggests bcrypt or SHA-2 with a random unique salt.

Daniel Plaisted  2008-10-08 18:26:38
+2  A: 

David, those are all plenty strong functions. Even the much-ballyhooed MD5 collisions are not of the password-cracking variety, they just generate two different strings with the same MD5 (a very different proposition from finding a string that generates a given MD5 value).

If you are concerned about the security of the passwords, you need to worry about the protocols used to store them, the protocols used to recover passwords forgotten by users, and all the other possible avenues of attack. Those options are used far more often to crack passwords than brute-force crtyptanalysis.

Do use a salt, though.

But first read the article AviewAnew posted

SquareCog  2008-10-08 18:30:10
A: 

If you are actually concerned about the security of your system (as opposed to the quite academic strength of algorithms) then you should go with a proven and mature implementation instead of nitpicking algorithms.

I would recommend Ulrich Drepper's SHA-crypt implementation. This implementation uses SHA-512, a 16 character long salt, is peer reviewed and scheduled to go into all major Linux distributions via glibc 2.7.

P.S.: Once you have reached this level of security, you'll be visited by the black helicopters anyways.

David Schmitt  2008-10-08 18:48:27

related questions

Remove duplicate items with minimal auxillary memory?
Most efficient sorting algorithm for many identical keys?
Detecting if two images are visually identical
How come MD5 hash values are not reversible?
A PHP hash function with a long output length?
Faster MD5 alternative?
I need to get the password which is Hashed in ASP.net
Recommended hash for passwords in ASP Classic
Best hashing algorithm in terms of hash collisions and performance
MySQL: what data type to use for hashed password field and what length?
What is the most secure hashing algorithm in the .NET framework?
Protecting user passwords in desktop applications (Rev 2)
Protecting user passwords in desktop applications
Why are there multiple different hashing algorithm providers in System.Security.Cryptopgraphy?
The necessity of hiding the salt for a hash
How many random elements before MD5 produces collisions?
Hardware Acceleration for non-SSL based signing and encryption.
What is the optimal length for user password salt?
HashSet vs. List performance
How to compute the hashCode() from the object's address?
What is the salt in Enterprise Library HashProvider ? (SaltEnabled key)
What algorithm should I use to hash passwords into my database?
What is a performant string hashing function that results in a 32 bit integer with low collision rates?
unpatented one-way encryption algorithm