码迷,mamicode.com
首页 > 其他好文 > 详细

You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

时间:2020-05-29 21:26:06      阅读:81      评论:0      收藏:0      [点我收藏+]

标签:var   strong   fun   hashlib   nbsp   time   iat   hashing   mes   

hashlib — Secure hashes and message digests — Python 3.8.3 documentation https://docs.python.org/3.8/library/hashlib.html#randomized-hashing

BLAKE2 https://blake2.net/#qa

Q: So I shouldn‘t use BLAKE2 for hashing user passwords? 

A: You shouldn‘t use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3. Instead you should use a password hashing function such as the PHC winner Argon2 with appropriate time and memory cost parameters, to mitigate the risk of bruteforce attacks—Argon2‘s core uses a variant of BLAKE2‘s permutation.

You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

标签:var   strong   fun   hashlib   nbsp   time   iat   hashing   mes   

原文地址:https://www.cnblogs.com/yuanjiangw/p/12987074.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!