re: A Simple Password Hash implementation VIEW POST

FULL DISCUSSION
 

Violation of rule #1 of cryptography:

Never ever invent your own crypto algorithm.

Crypto is difficult, really difficult.

Hashcat can do 25Giga-hashes per second for MD5. Only 13000 hashes per second for bcrypt with the cost parameter set to 5 (at this point 12 is advised, which is 27 more slower). So even if you would do a million rounds in the above algorithm you do not come close to bcrypt's security. Also, I have no idea if doing multiple rounds of md5 makes it more secure.

Just use bcrypt, it is battle tested and still secure.

 

Thanks for your feedback. However, if you read through the article, you would have observed that I stated clearly the intent.

This article does not aim to provide a better solution to the ones already provided by the existing libraries, rather it tends to shed some light on how the implementation works under the hood.

Also, before the Conclusion, there's a disclaimer

Disclaimer: This article does not guarantee the security of encryption implemented herein.

I hope this helps explain better.

code of conduct - report abuse