Is it still safe for large production applications with a large user base to use bcrypt as the password hashing algorithm ?

twitter logo github logo ・1 min read

I have been doing backend dev for 3 years now, i read couple of articles recently which says argon2 is much more safer than bcrypt everyone should switch to it.

Is it still safe for large production applications with a large user base to use bcrypt as the password hashing algorithm or should it switch ?

twitter logo DISCUSS (3)
markdown guide
 

The problem with bcrypt is that, it's very secure if you know what you are doing. Select the wrong parameters and you can screw everything.
On the other hand, newer implementations will not allow you to selece insecure hashes and being easier to use.

 

SO there is no need for changing it if i am using the bcrypt out of a std library like device for rails or passport for node ?

 

I can't guarantee you that. You should read to understand best practices to use bcrypt and make sure you are following all of them.

Classic DEV Post from Apr 1

Tell me about a time you messed up

So I brought down the site for a little while this morning. Now I'm interested ...

Nijeesh Joshy profile image
Some one Who Love to Code ,Create and Experiment with Everything

dev.to now has dark mode.

Go to the "misc" section of your settings and select night theme ❤️