Yes, thanks for the refresher. ;-) But as I said, for non-crypto requirements weak data (or password) obfuscation can be sufficient. For such weak purposes an FNV-1 code 3-liner may be adequate.
For comparison: The Argon-2 github shows about 2000 lines of C code. Am Montag, 7. Januar 2019 16:28:21 UTC+1 schrieb Sam Whited: > > On Mon, Jan 7, 2019, at 07:58, minf...@arcor.de <javascript:> wrote: > > I've often encountered demands for password encryption, where simple > string > > hashing would suffice. > > You should never encrypt passwords; encryption implies that you can get > the original password back out, it's a two way street. > Some form of hashing is always what you want (of course, you can't just > hash and call it a day; there's still more work to do). > > > Speed-wise FNV-1a is barely to beat. Add some magic number to the > > result and you are good enough. > > The algo fits in a single handful of lines. > > You also don't want speed when hashing passwords, this is why all the > methods other people have been listing (I use Argon2 or PBKDF.2 depending > on the application, personally) are actually a type of hash called a > Key-derivation function (KDF). FNV-1 is not a cryptographic hash function > and is not suitable for password storage. > > OWASP has a good overview of password storage if you're interested: > https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet > > —Sam > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
