A Simple Password Hash implementation

Orie Chinedu on August 09, 2019

Passwords are not stored as plain text for obvious security reasons. There are several npm packages already in place for password encryption such a...

Violation of rule #1 of cryptography:

Never ever invent your own crypto algorithm.

Crypto is difficult, really difficult.

Hashcat can do 25 giga-hashes per second for MD5, but only 13000 hashes per second for bcrypt with the cost parameter set to 5 (at this point 12 is advised, which is 2^7 times slower). So even if you did a million rounds in the above algorithm you would not come close to bcrypt's security. Also, I have no idea whether doing multiple rounds of MD5 makes it more secure.

Just use bcrypt, it is battle tested and still secure.


Thanks for your feedback. However, if you read through the article, you would have observed that I stated clearly the intent.

This article does not aim to provide a better solution than the ones already provided by the existing libraries; rather, it intends to shed some light on how the implementation works under the hood.

Also, before the Conclusion, there's a disclaimer:

Disclaimer: This article does not guarantee the security of encryption implemented herein.

I hope this helps explain better.
