Monday, March 28, 2011

Using BCrypt in a .NET Application – Why it’s better than SHA or MD5.

You guys know that I’m not a cryptography expert. In fact, I didn’t use hashing and salting well until my second year as a programmer during college.

It’s recently come to my attention that using MD5 or SHA as your hashing methods is not good enough.
While they do their job of hashing data, the problem is that they are just too fast.

A determined computer hacker with enough horsepower (machines) can test candidate passwords against a stolen hash very quickly. For example, a modern server can calculate the MD5 hash over 320MB every second.

You see the problem?

BCrypt solves that problem by using a work factor. Meaning, you decide how long each hash is going to take to compute. So no matter how much faster computers get, you can raise that factor and keep hashing your passwords at the speed you wish.
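As an added example (not the post's own code), here is how the work factor is chosen, stored inside the hash string and checked at login, so an old, cheaper hash can be detected and re-hashed at a higher cost once the user has logged in. It assumes the BCrypt.Net library is referenced (class BCrypt.Net.BCrypt with GenerateSalt, HashPassword and Verify); the target cost and sample password are made up for the demo.

```csharp
// Added example, not the post's own code. Assumes the BCrypt.Net library
// (BCrypt.Net.BCrypt.GenerateSalt / HashPassword / Verify) is referenced.
using System;
using System.Diagnostics;

class WorkFactorDemo
{
    // Hash with an explicit work factor (bcrypt runs 2^workFactor key-setup
    // rounds) and report how long it took, so the cost can be tuned per server.
    static string HashWithCost(string password, int workFactor, out long elapsedMs)
    {
        var sw = Stopwatch.StartNew();
        string salt = BCrypt.Net.BCrypt.GenerateSalt(workFactor); // "$2a$NN$<22-char salt>"
        string hash = BCrypt.Net.BCrypt.HashPassword(password, salt);
        sw.Stop();
        elapsedMs = sw.ElapsedMilliseconds;
        return hash;
    }

    // The cost is recorded inside the hash ("$2a$12$..."), so a stored hash
    // made with a lower cost can be recognised without any extra bookkeeping.
    static int CostOf(string hash)
    {
        return int.Parse(hash.Split('$')[2]);
    }

    static void Main()
    {
        const string password = "correct horse battery staple"; // constructed sample
        const int targetCost = 12; // hypothetical policy value; raise it as hardware gets faster

        foreach (int cost in new[] { 4, 8, 10, 12 })
        {
            long ms;
            string hash = HashWithCost(password, cost, out ms);
            Console.WriteLine("cost {0,2}: {1,5} ms  {2}", cost, ms, hash);
        }

        // Verify reads the salt and cost back out of the stored hash, so the
        // hash string alone is all that has to be kept for a login check.
        long ignored;
        string stored = HashWithCost(password, 10, out ignored);
        bool ok = BCrypt.Net.BCrypt.Verify(password, stored);
        bool wrongRejected = !BCrypt.Net.BCrypt.Verify("wrong password", stored);
        Console.WriteLine("correct verifies: {0}, wrong rejected: {1}", ok, wrongRejected);

        if (ok && CostOf(stored) < targetCost)
            Console.WriteLine("stored cost {0} < {1}: re-hash on this login", CostOf(stored), targetCost);
    }
}
```

Expect each step up in cost to roughly double the time printed, which is the knob the post is describing.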