Hash algorithm unsafe #40

Open
mishari opened this issue Nov 25, 2018 · 2 comments
mishari commented Nov 25, 2018

I mentioned this to @taneekpet at Barcamp. I would like to propose that bcrypt be used as a hash algorithm instead of SHA256.

Collaborator

re7eal commented Nov 25, 2018

Can you elaborate on your concern so that others who are working on the project may know the reason(s) without asking @taneekpet one by one?

@taneekpet
Contributor

IIRC, he mentioned that SHA256 is subject to brute-force attacks while bcrypt is specially designed to prevent this.
As I said at Barcamp, we increase the hash input space by adding salt.
However, thank you for your suggestion.
It should be a good idea to look into bcrypt to see if it's more secure than SHA256 and if it's widely supported by HSMs.
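
An added example, not code from this project or its contributors, measuring the two properties discussed in this thread: a salt makes digests of the same secret differ, while a work factor raises the cost of each guess. PBKDF2-HMAC-SHA256 stands in for bcrypt because bcrypt is not in Python's standard library; the iteration count and the 8-digit input space are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000      # assumed work factor, chosen for this example
INPUT_SPACE = 10 ** 8     # constructed: an 8-digit numeric secret

def salted_sha256(secret: bytes, salt: bytes) -> bytes:
    """Single SHA-256 over salt || secret."""
    return hashlib.sha256(salt + secret).digest()

def stretched(secret: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a work factor (stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def verify(scheme, secret: bytes, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(scheme(secret, salt), expected)

def seconds_per_guess(scheme, salt: bytes, rounds: int) -> float:
    """Average wall-clock cost of one evaluation when the salt is known."""
    start = time.perf_counter()
    for i in range(rounds):
        scheme(b"%08d" % i, salt)
    return (time.perf_counter() - start) / rounds

def compare() -> dict:
    """Estimate the time to evaluate every value in INPUT_SPACE per scheme."""
    salt = os.urandom(16)
    fast = seconds_per_guess(salted_sha256, salt, 20_000)
    slow = seconds_per_guess(stretched, salt, 3)
    return {
        "sha256_per_guess_s": fast,
        "stretched_per_guess_s": slow,
        "sha256_exhaust_h": fast * INPUT_SPACE / 3600,
        "stretched_exhaust_h": slow * INPUT_SPACE / 3600,
        "slowdown": slow / fast,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:>24}: {value:,.6f}")
```

The absolute timings depend on the machine; the ratio between the two schemes is the figure to compare when choosing a work factor.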
