How to store passwords? Hash or KDF? posted April 2014
I remember a time where people would advise to just hash the password with md5 before storing it into a database.
Then md5 became a bad choice because of the rainbow tables (precomputed tables of md5). The concept of salt helped (adding a secret value to passwords before hashing them).
But hash were never meant for encrypting passwords. As KDF. But KDF seems to be better a fit for that kind of task.
See Ty's blog post "please stop hashing passwords". He makes good points and advise using those following KDFs for the job:
Scrypt is the one used in Litecoin by the way.
leave a comment...