On Mon, Jan 7, 2019, at 07:58, minfo...@arcor.de wrote:
> I've often encountered demands for password encryption, where simple string
> hashing would suffice.

You should never encrypt passwords; encryption implies that you can get the original password back out, it's a two-way street. Some form of hashing is always what you want (of course, you can't just hash and call it a day; there's still more work to do).

> Speed-wise FNV-1a is barely to beat. Add some magic number to the
> result and you are good enough.
> The algo fits in a single handful of lines.

You also don't want speed when hashing passwords; this is why all the methods other people have been listing (I use Argon2 or PBKDF2 depending on the application, personally) are actually a type of hash called a key-derivation function (KDF). FNV-1 is not a cryptographic hash function and is not suitable for password storage.

OWASP has a good overview of password storage if you're interested: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

—Sam