Coffeehouse Post

Single Post Permalink

View Thread: Apparently the IPO didn't fund Linkedin enough to hire decent programmers
  • User profile image
    blowdart

    , ZippyV wrote

    @blowdart: What about using bcrypt instead of SHA for hashing passwords? Isn't SHA too fast to prevent brute-forcing all the passwords (even with salt)?

    Yea, there's been some interesting discussion around that recently. Even then it's only a matter of time before someone comes up with an optimised way to precompute bcrypt hashes - computation time is getting cheaper and cheaper.

    The only sensible advice I have around this is to store the algorithm used beside the salt and the hash so you can change it later when you have to and still support older hashes.