Linked Questions

2 votes · 4 answers · 13k views

I am creating a web app, and I was wondering if it would be secure to use 100,000 iterations of sha256 for storing passwords? I know that there are algorithms such as scrypt and bcrypt, however, I was ...

asked by Matt · 29
135 votes · 3 answers · 199k views

What is nowadays (July 2012) the recommended number of bcrypt rounds for hashing a password for an average website (storing only name, email address and home address, but no creditcard or medical ...

asked by Jason Smith · 1,631
16 votes · 5 answers · 15k views

Does larger hash size improve the security? Is it overkill to use a 512-bit hash? If I stored only 256 bits of the PBKDF2-SHA512 derived key, is it less, equal or safer than 256 bits of PBKDF2-SHA256? ...

asked by brian14708
6 votes · 1 answer · 1k views

I'm rolling my own, personal threetags.com-style 'encrypted data in the cloud' webapp (I didn't like the UI, and lack of non-browser client). However, I have absolutely no experience with security ...

asked by cervellous
11 votes · 3 answers · 2k views

Assuming that I'm doing password hashing properly and using bcrypt, scrypt or PBKDF2, how should I go about choosing an appropriate difficulty factor? i.e. rounds for bcrypt, iterations for PBKDF2 and ...

asked by Ladadadada · 5,275
5 votes · 4 answers · 13k views

Can I brute-force a password hash even if I don't know the underlying algorithm? For example if I get hold of a database with password hashes and the used hash algorithm is unknown, like a random ...

asked by user316 · 183
5 votes · 2 answers · 1k views

I'm currently developing a small project in PHP, and as it involves user authentication, I've been researching what options I've got regarding hashing. I've settled on PBKDF2 primarily due to its ...

asked by Scott P · 175
2 votes · 2 answers · 6k views

Inspired by this question about the difficulty of cracking a KeePass database, I'm wondering if changing the default number of iterations in an encryption application (e.g., KeePass) increases ...

asked by Logical Fallacy
4 votes · 2 answers · 4k views

I have created a self signed certificate using PowerShell's New-SelfSignedCertificate, with the intention of encrypting and storing a username / password in public. Specifically using - New-...

asked by Michael B · 466
4 votes · 2 answers · 6k views

From this question, the OP posited taking a user's entered password, running it through BCrypt, then running that through SHA256 to produce a 256-bit password-derived key. (EDIT: To clarify, these two ...

asked by KeithS · 6,818
6 votes · 1 answer · 2k views

Assume I am hashing user passwords with PBKDF2, bcrypt, scrypt, or some other secure key derivation function. Are there: tangible security benefits, precedents, and respected research for protecting ...

asked by Stephen Touset
7 votes · 2 answers · 819 views

Since the best example of a pooled resource to crack hashes is the bitcoin network, currently churning through 2.14 ExaHashes/s, I want to ask, if the resources of this network were pointed towards ...

asked by Amin Shah Gilani
4 votes · 1 answer · 1k views

I am looking for a technical estimate of how bad the situation is regarding the recent hack of LastPass. The hack was covered by several outlets: Naked Security, Ars Technica. LastPass has admitted ...

asked by Sakib Arifin
8 votes · 1 answer · 795 views

I've been trying to look for the answer, but the latest one I found was outdated by three years. So what are the recommended scrypt cost factors for 2016?

asked by Awn · 480
1 vote · 0 answers · 3k views

I have been following this very useful post by Thomas. My use case is slightly different. I am developing a mobile application which requires some sensitive data to be stored on the device in a SQLite ...

asked by Taha · 121