What is the best algorithm for encrypting passwords


Thirsty Traveler

I hear that MD5 is not recommended for encrypting database passwords in that
it can be compromised. Does anyone have a recommendation (SHA-1, etc.) on an
algorithm that would be more appropriate?
 
Sha256 would be a reasonable alternative. No hash, AFAIK, can stop
dictionary attacks - just makes them slower to run.

--
William Stacey [MVP]

| I hear that MD5 is not recommended for encrypting database passwords in that
| it can be compromised. Does anyone have a recommendation (SHA-1, etc.) on an
| algorithm that would be more appropriate?
 
| I hear that MD5 is not recommended for encrypting database passwords in that
| it can be compromised. Does anyone have a recommendation (SHA-1, etc.) on an
| algorithm that would be more appropriate?

The weakness in md5 has to do with the possibility of creating two
strings with the same hash. It requires that the attacker is the
creator of both strings.

This flaw affects the usability of MD5 for document
signing/authenticity, but as far as I can see it shouldn't cause any
security problems with password encryption.

If you want to be better safe than sorry, you could use one of the SHA
hashes.
 
Just to add to that - It has long been the standard on UNIX systems not
to store passwords at all - just the hash and seed/initialization
vector.

This means that the passwords cannot be compromised in the sense that
there is no set of plain text passwords anywhere nor any way of
generating one.

It is important to use a different seed/initialization vector whenever
a password is saved so that hackers cannot just match against
pre-encrypted strings. The stored seed needs to be sent to the client
for them to encrypt their password.
 
