According to various comments I've seen on blogs, Reddit, etc., Destructoid didn’t even hash their passwords.
I was kinda worried because I run a lower-key gaming site (http://forum.fangamer.com ), but I salt and seed my passwords and use a lesser-known 1024-bit hash function opposed to popular ones like MD5 and SHA-1.
Everything sounded great until you said "a lesser known" hash function. Use one that's well known enough to have been extensively attacked by the crypto community.
It's Whirlpool (http://en.wikipedia.org/wiki/Whirlpool_(cryptography) ) which has common libraries in PHP & Ruby and accepted in a couple of international standards. I think it's better to replace "lesser known" with "uncommonly used".
(Also I messed up and it's a 512-bit hash, not 1024 like I said above.)
3 comments
[ 2.9 ms ] story [ 17.8 ms ] threadI was kinda worried because I run a lower-key gaming site (http://forum.fangamer.com ), but I salt and seed my passwords and use a lesser-known 1024-bit hash function opposed to popular ones like MD5 and SHA-1.
(Also I messed up and it's a 512-bit hash, not 1024 like I said above.)