136

Hackers are ready...

Comments
  • 25
    Still takes 85838298474628193636281 years 😆

    Good visualisation of how hard it is to crack sha256
    https://youtu.be/S9JGmA5_unY
  • 11
    @Froot that is true. But most of the people haven't updated the hashes to sha256.
    They are still using sha1 or worse, MD5! XD
  • 9
    @bugHunter True. And they probably also don't salt their hashes to make sure it's easily googled 😆
  • 0
    @Froot Hashcat ftw!
  • 0
    I'm not really into hash algorithms, sooooo... What's your opinion about bcrypt? Also, which one is the most efficient one to use in production in your opinion? (not too slow + still pretty secure = efficient in this context)
  • 5
    @wildcard I use pbkdf2 with 10k iterations. You want the hashing to be just slow enough; if it's too fast, it's too weak
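
Added example, not part of any comment in this thread: a minimal salted PBKDF2-HMAC-SHA256 password record using Python's standard library, with the 10k iteration count mentioned above stored in each record so it can be raised later. The record layout, the `pbkdf2_sha256` label and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"  # record label made up for this example
ITERATIONS = 10_000     # figure quoted in the comment above; kept per record

def hash_password(password, iterations=ITERATIONS):
    """Return 'algo$iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and count, then compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if algo != ALGO or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)

def needs_rehash(record, target_iterations):
    """True when a record was created with fewer iterations than the current target."""
    return int(record.split("$")[1]) < target_iterations

def unsalted_sha256(password):
    """Contrast case: a bare digest is identical for every user with this password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    a, b = hash_password(pw), hash_password(pw)
    print("unsalted digests equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("salted records equal:  ", a == b)
    print("verify correct:        ", verify_password(pw, a))
    print("verify wrong:          ", verify_password(pw + "x", a))
    print("needs rehash at 100k:  ", needs_rehash(a, 100_000))
```
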
  • 0
    @Froot yes, but I'm wondering if it causes performance issues if it's too slow...
    Edit: also thanks for the suggestion, I gotta check that algo out, I've never heard of it!
  • 3
    @Letmecode:
    My only qualm with bcrypt is its max password length issue.

    Some of my users have passwords in excess of 100 characters, and bcrypt simply truncates that input, resulting in... a 92 char password iirc?

    It's still secure _enough_, but. It could be better. Besides, it would be scary for the user if they add garbage to the end (or delete/replace a few trailing chars) and still log in successfully...
  • 1
    Come at me bro, I got the sword of sha256 salted bcrypt. That's a pretty big dice to roll, my bets are on me :)
  • 0
    sha512 ftw
  • 2
    @bugHunter @Froot This is the reason I BCrypt.
  • 0
    I use argon2i FTW
  • 0
    I'm just new to hashing. And I use original blowfish with unique salt. Is it outdated?
  • 1
    @Froot I use sha512 + salt for my password manager.