Ralph said, "When hashing, choose a reasonably secure enough, yet supported method of hashing." However it would appear that password stretching or strengthening is more important that the particular hash scheme. I learned this by following Bill's third article. The article was: PBKDF2 (Password-Based Key Derivation Function) http://en.wikipedia.org/wiki/PBKDF2 (and of course other articles referenced by this)
This article lead me to here http://en.wikipedia.org/wiki/Key_strengthening and that lead me to further reading of Openwall.com which focuses on key strengthening. I am not trying to find some fool proof solution, just trying to make sense of all the options. Since stretching or strengthening was not never mentioned I am wondering if anybody has an opinion on it. -- View this message in context: http://zend-framework-community.634137.n4.nabble.com/Guidance-on-storing-passwords-securely-tp2400394p2401863.html Sent from the Zend Framework mailing list archive at Nabble.com.
