Security 107: The Hashing Algorithm, and why Bcrypt is your best friend

When securing passwords, the effectiveness of the hashing algorithm must also be taken into consideration. Passwords these days should be hashed using AT LEAST the SHA-256 message digest, which produces a much stronger hash than the now-defunct MD5. The main reason is that SHA-256 produces a hash twice the size of its older counterpart (256 bits, as opposed to 128 for MD5). More data within a hash means a greater number of possible combinations and therefore greater protection from rainbow tables and brute-force attacks.

SHA-256 is a member of the SHA-2 family, which became more popular after flaws were discovered in SHA-1 back in 2005. However, it has a major drawback, which we touched on in the previous article: SHA-2 is fast, and that’s not what we want.
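To make the two points above concrete, here is an added example (not code from this blog) contrasting a bare, unsalted SHA-256 with a salted hash that carries a tunable work factor. Since bcrypt is not in Python's standard library, the slow hash uses PBKDF2-HMAC-SHA256 with 2**cost iterations as a stand-in for bcrypt's cost parameter; the function names and the hypothetical `cost` values are assumptions of this example.

```python
import hashlib
import hmac
import os
import time


def fast_hash(password: bytes) -> bytes:
    """Bare SHA-256: one call, no salt, no work factor.

    Every user with the same password gets the same digest, which is
    exactly what rainbow tables exploit.
    """
    return hashlib.sha256(password).digest()


def slow_hash(password: bytes, salt: bytes, cost: int) -> bytes:
    """Salted hash with a work factor (stand-in for bcrypt's cost).

    Assumption of this example: 2**cost iterations of PBKDF2-HMAC-SHA256
    stand in for bcrypt's cost parameter, since bcrypt is not in the
    standard library. Raising cost by one doubles the work per guess.
    """
    return hashlib.pbkdf2_hmac("sha256", password, salt, 2 ** cost, dklen=32)


def make_record(password: bytes, cost: int = 12) -> dict:
    """Store salt, cost and hash together so verify() can recompute."""
    salt = os.urandom(16)  # a fresh random salt per user
    return {"cost": cost, "salt": salt, "hash": slow_hash(password, salt, cost)}


def verify(password: bytes, record: dict) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    candidate = slow_hash(password, record["salt"], record["cost"])
    return hmac.compare_digest(candidate, record["hash"])


def guesses_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Rough measure of how many guesses one core can try per second."""
    count, deadline = 0, time.perf_counter() + seconds
    while time.perf_counter() < deadline:
        hash_fn(b"hunter2")
        count += 1
    return count / seconds


if __name__ == "__main__":
    print("bare SHA-256   :", int(guesses_per_second(fast_hash)), "guesses/s")
    print("cost 12 (salted):", int(guesses_per_second(
        lambda p: slow_hash(p, b"fixed-salt-demo!", 12))), "guesses/s")
```

Run it and compare the two rates: the bare SHA-256 line shows why a fast digest is the wrong tool for passwords, and the cost line shows how a work factor shrinks an attacker's guess rate.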