I'm not saying I disagree, I'm just frustrated that the MOST important thing in the world for web developers (storing passwords) is still the MOST half-assed process.
Where's the super-simple-recently-updated-one-line call? Use bcrypt? What about scrypt? What about salting, md5, sha1, sha256, sha512, blowfish...
Here's what I want:
String value = MrCrypto.encrypt("Pa33W0rd",MrCrypto.SECURE);
//or
String value = MrCrypto.encrypt("Pa33W0rd",MrCrypto.FAST);
Something like that, updated whenever a better process comes up, seamless, backwards compatible and universally accepted (Something ported to php, ruby, grails, nodejs, java, c#, python etc...). Does that exist?
I thought salting passwords had been crypto 101 since at least the 90s. Does anyone here know how often are big companies are still using unsalted passwords?
3 comments
[ 0.21 ms ] story [ 19.1 ms ] threadhttp://codahale.com/how-to-safely-store-a-password/
http://www.mindrot.org/projects/jBCrypt/ - last updated 2010
http://bcrypt.sourceforge.net/ - updated 2002
http://news.ycombinator.com/item?id=601408 - bcrypt is now obsolete
http://stackoverflow.com/questions/615704/preferred-method-o... no mention of it
I'm not saying I disagree, I'm just frustrated that the MOST important thing in the world for web developers (storing passwords) is still the MOST half-assed process.
Where's the super-simple-recently-updated-one-line call? Use bcrypt? What about scrypt? What about salting, md5, sha1, sha256, sha512, blowfish...
Here's what I want:
String value = MrCrypto.encrypt("Pa33W0rd",MrCrypto.SECURE); //or String value = MrCrypto.encrypt("Pa33W0rd",MrCrypto.FAST);
boolean matches = MrCrypto.matches("Pa33W0rd", value);
Something like that, updated whenever a better process comes up, seamless, backwards compatible and universally accepted (Something ported to php, ruby, grails, nodejs, java, c#, python etc...). Does that exist?