Search⌘ K
AI Features
Home
Courses
Practical Security: Simple Practices for Defending Your Systems

More Techniques for Password Storage

Explore how to secure password storage by using tunable, slow hashing algorithms that resist modern GPU-based cracking methods. Understand why salts alone are insufficient and learn best practices with trusted algorithms like bcrypt, scrypt, Argon2, and PBKDF2 to keep password hashes secure over time.

We'll cover the following...

GPUs

Moore’s Law has altered the landscape in this cat-and-mouse game. The problem with using general-purpose hashing algorithms for password hashing is that general-purpose hashing algorithms are designed to be really fast. And Moore’s Law makes them faster all the time. Salting doesn’t increase the number of possibilities that need to be checked; salting only changes the set of possibilities that need to be checked from one population (all the printable passwords under, say, 10 characters) to another (that same set of passwords, each prefixed with the same prefix or salt.) This is very parallelizable and a great task for the many cores in a graphical processing unit (GPU) on a modern video card. ...