Topic: A public service announcement - page 3. (Read 3813 times)

sr. member
Activity: 252
Merit: 250
September 11, 2011, 08:19:24 AM
#3


Totally wrong. Basically, all of your "advice" is garbage.

Some real programmers, please chime in.
legendary
Activity: 1470
Merit: 1005
Bringing Legendary Har® to you since 1952
September 11, 2011, 07:50:29 AM
#2
Use BCrypt, Fool!

This forum stores passwords as weak hashes derived from weak salts using fast hash functions. It is amateur hour at bitcointalk.org.

Stop using MD5 or SHA. They were never designed to store passwords and protect them from offline attacks.

For example, MTGOX foolishly stores passwords as SHA512 hashes. It should use bcrypt(). It is amateur hour at MTGOX and probably most other exchanges. The notable exception is bitcoin-central, which does use bcrypt.

Salts should be generated using proper random number generators.

Again, Use BCrypt, Fool!

Actually, you don't need to use bcrypt.
You can have exactly the same effect using multiple layered hashing algorithms with a specified number of rounds.
You only need to increase the number of rounds once hardware gets more powerful - it will have exactly the same effect as bcrypt.

Also, I trust multiple salted hashing algorithms more than a single algorithm (Blowfish), which is used in bcrypt.
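The scheme the poster above describes (salted, iterated hashing whose round count can be raised as hardware improves) only works if the round count and salt are stored alongside the hash so old records can be verified and re-hashed. The following is an added example, not code from any poster or from this forum's software; it uses PBKDF2-HMAC-SHA256 as the iterated construction, a CSPRNG for salts, and a constructed record format `pbkdf2_sha256$<rounds>$<salt_hex>$<hash_hex>`.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ALGO = "pbkdf2_sha256"  # label stored in each record so the format can evolve


def hash_password(password: str, rounds: int = 200_000,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm, rounds, salt and digest."""
    if salt is None:
        # Salt from the OS CSPRNG, never from random.random() or a timestamp.
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"{ALGO}${rounds}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and rounds; compare in constant time."""
    algo, rounds, salt_hex, hash_hex = stored.split("$")
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), hash_hex)


def needs_rehash(stored: str, target_rounds: int) -> bool:
    """True when the record was made with fewer rounds than the current policy."""
    return int(stored.split("$")[1]) < target_rounds


def verify_and_upgrade(password: str, stored: str,
                       target_rounds: int) -> Optional[str]:
    """On successful login, transparently raise the round count.

    Returns None on a wrong password, the unchanged record if it already meets
    policy, or a fresh record (new salt, target_rounds) to write back to storage.
    """
    if not verify_password(password, stored):
        return None
    if needs_rehash(stored, target_rounds):
        return hash_password(password, rounds=target_rounds)
    return stored


if __name__ == "__main__":
    # Constructed demo: a record made under an old 50k-round policy is upgraded.
    old = hash_password("correct horse battery staple", rounds=50_000)
    new = verify_and_upgrade("correct horse battery staple", old, 200_000)
    print(old.split("$")[1], "->", new.split("$")[1])  # prints 50000 -> 200000
```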
sr. member
Activity: 252
Merit: 250
September 11, 2011, 06:17:20 AM
#1
Use BCrypt, Fool!

This forum stores passwords as weak hashes derived from weak salts using fast hash functions. It is amateur hour at bitcointalk.org.

Stop using MD5 or SHA. They were never designed to store passwords and protect them from offline attacks.

For example, MTGOX foolishly stores passwords as SHA512 hashes. It should use bcrypt(). It is amateur hour at MTGOX and probably most other exchanges. The notable exception is bitcoin-central, which does use bcrypt.

Salts should be generated using proper random number generators.

Again, Use BCrypt, Fool!