
Storing password securely - hashes, salts and bit stretching put into context - SanderMak
http://blog.zoller.lu/2012/06/storing-password-securely-hashses-salts.html
======
tptacek
That table in Colin's paper is so great. Here's a direct link to just the
table:

<http://yfrog.com/j248cp>

------
16s
Microsoft Active Directory servers store passwords as plain MD4 hashes and
have done so for more than a decade and will likely continue to do so for
another decade. <http://16s.us/ms_ad_hashes/>

------
tedunangst
bcrypt was introduced at USENIX in 1999, though the source was committed in
1997. Not 2002. The article links to some random utility called bcrypt that is
completely unrelated to the bcrypt password hashing function.

~~~
16s
When I think of bcrypt, I think of OpenBSD Blowfish hashes. I hate cracking
those damn things. ;)

------
peteretep
For the love of God, please switch off "mobile enhanced" versions of your
blog. You can't pan around to view the tables because that switches to another
article, complete with sparkly transition.

------
tantalor
See <http://en.wikipedia.org/wiki/Application-specific_integrated_circuit> (ASIC)

------
ibotty
nice summary. it is missing sha-crypt though.

~~~
tedunangst
Is sha-crypt different in a meaningful way from md5-crypt except spelled a
little differently?

~~~
ibotty
ehm. yes.

(to say something substantial: see <http://www.akkadia.org/drepper/SHA-crypt.txt>)

