2 results tagged pbkdf2
As of May 2023, OWASP recommends the following KDFs for password hashing, listed in order of priority:
- Argon2id
- scrypt if Argon2id is unavailable
- bcrypt for legacy systems
- PBKDF2 if FIPS-140 compliance is required
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
@SlexAxton @rem definitely use pbkdf2. See for details and to s/bcrypt/pbkdf2. Sha-ing won’t do.