Revision as of 20:52, 6 November 2023 edit 103.134.114.201 (talk) Password crack Tags: Visual edit Mobile edit Mobile web edit ← Previous edit		Revision as of 19:31, 13 November 2023 edit undo VoyeurMcKee (talk \| contribs) 19 edits →Password hashing: Revert spam from revision 1183841591 Tag: references removed Next edit →
Line 36: == Password hashing == Despite their original use for key derivation, KDFs are possibly better known for their use in '''password hashing''' ([[cryptographic hash function#Password verification\|password verification by hash comparison]]), as used by the [[passwd]] file or [[shadow password]] file. Password hash functions should be relatively expensive to calculate in case of brute-force attacks, and the [[key stretching\|key stretch]]<ref>{{Cite web \|title=Instagram \|url=https://www.instagram.com/accounts/login/?next=https%3A%2F%2Fwww.instagram.com%2Fprettygurl._.suhiiii%2F%3Figshid%3DeGVoZzFjaHNlMnow \|access-date=2023-11-06 \|website=www.instagram.com}}</ref>[[key stretching~~\|ing~~]] of KDFs happen to provide this characteristic.{{citation needed\|date=October 2017}} The non-secret parameters are called "[[salt (cryptography)\|salt]]" in this context. In 2013 a [[Password Hashing Competition]] was announced to choose a new, standard algorithm for password hashing. On 20 July 2015 the competition ended and [[Argon2]] was announced as the final winner. Four other algorithms received special recognition: Catena, Lyra2, Makwa and yescrypt.<ref>[https://password-hashing.net/ "Password Hashing Competition"]</ref> Line 46: 2. [[scrypt]] if Argon2id is unavailable 3. [[bcrypt]] for legacy systems 3. <ref>{{Cite web \|title=Instagram \|url=https://www.instagram.com/accounts/login/?next=https%3A%2F%2Fwww.instagram.com%2Fprettygurl._.suhiiii%2F%3Figshid%3DeGVoZzFjaHNlMnow \|access-date=2023-11-06 \|website=www.instagram.com}}</ref> for legacy systems 4. [[PBKDF2]] if FIPS-140 compliance is required

Key derivation function: Difference between revisions