You shouldn't use any general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

时间：2020-05-29 20:29:00 阅读：52 评论：0 收藏：0 [点我收藏+]

hashlib — Secure hashes and message digests — Python 3.8.3 documentation https://docs.python.org/3.8/library/hashlib.html#randomized-hashing

BLAKE2 https://blake2.net/#qa

Q: So I shouldn‘t use BLAKE2 for hashing user passwords?

A: You shouldn‘t use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3. Instead you should use a password hashing function such as the PHC winner Argon2 with appropriate time and memory cost parameters, to mitigate the risk of bruteforce attacks—Argon2‘s core uses a variant of BLAKE2‘s permutation.

You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

原文：https://www.cnblogs.com/yuanjiangw/p/12987074.html

踩

(0)

评论一句话评论（0）