You shouldn't use any general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

hashlib — Secure hashes and message digests — Python 3.8.3 documentation https://docs.python.org/3.8/library/hashlib.html#randomized-hashing

BLAKE2 https://blake2.net/#qa

Q: So I shouldn't use BLAKE2 for hashing user passwords?

A: You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3. Instead you should use a password hashing function such as the PHC winner Argon2 with appropriate time and memory cost parameters, to mitigate the risk of bruteforce attacks—Argon2's core uses a variant of BLAKE2's permutation.

posted @ 2020-05-29 19:33 papering 阅读(189) 评论(0) 编辑收藏举报

刷新页面返回顶部