
Crypt For Passwords

Let’s talk about password hashing. Whenever I review code, I’m always surprised to see that many developers still hash secrets with SHA-1 or SHA-256 to generate encryption keys or to store passwords. These hashing methods are fast, and are thus prone to brute-force cracking on GPUs.
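To make the speed problem concrete, here is an added example (not code from the original article) that times one SHA-256 pass against a deliberately slow hash and shows a salted store-and-verify flow. PBKDF2-HMAC-SHA256 from Python's standard library is used as the slow hash; the iteration count, the colon-separated record layout and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware

def fast_hash(password: bytes, salt: bytes) -> bytes:
    """The pattern criticised above: a single SHA-256 pass."""
    return hashlib.sha256(salt + password).digest()

def slow_hash(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Store scheme, cost and a per-user random salt beside the hash."""
    salt = os.urandom(16)
    digest = slow_hash(password.encode(), salt, iterations)
    return f"pbkdf2-sha256:{iterations}:{salt.hex()}:{digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split(":")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2-sha256" or rounds < 1:
        return False
    return hmac.compare_digest(slow_hash(password.encode(), salt, rounds), expected)

def seconds_per_guess(hash_fn, guesses: int) -> float:
    """Average wall-clock cost of one password guess on this machine."""
    salt = bytes(16)  # constructed fixed salt, for timing only
    start = time.perf_counter()
    for i in range(guesses):
        hash_fn(b"guess-%d" % i, salt)
    return (time.perf_counter() - start) / guesses

if __name__ == "__main__":
    fast = seconds_per_guess(fast_hash, 100_000)
    slow = seconds_per_guess(slow_hash, 3)
    print(f"SHA-256: {fast:.2e} s/guess, PBKDF2: {slow:.2e} s/guess")
    print(f"work factor seen by an attacker: about {slow / fast:,.0f}x")
```

The ratio printed at the end is the extra cost each guess carries for someone brute-forcing a leaked hash, and the stored iteration count lets that cost be raised later without invalidating old records.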

In OpenSSL, we have support for a number of hashed password options [here]:

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
