Password Hashing Algorithms (2024)

Overview

FusionAuth provides several options for password hashing schemes.

An ideal password hashing algorithm should be slow. When hashing is fast and password entropy is low, brute force attacks become a high risk. Even with enforced password policies, low password entropy can be difficult to mitigate. Choosing a slow algorithm is actually preferred for password hashing. Of the hashing schemes provided, only PBKDF2 and Bcrypt are designed to be slow which makes them the best choice for password hashing, MD5 and SHA-256 were designed to be fast and as such this makes them a less than ideal choice.

When selecting a load factor for the hashing scheme, the minimum values are provided for a starting guideline only. The factor should be set as high as possible such that the login times are still acceptable to your end users. Be cautious with setting the factor too high, especially with Bcrypt, setting the factor too high may cause login requests to take seconds or minutes to complete.

phpass MD5

version

Available Since Version 1.45.0

This is the phpass (pronounced “pH pass”) MD5 algorithm commonly used by PHP applications. This is weak hash that has been shown to be compromised and is vulnerable to brute force attacks. This hash is provided for migration purposes and it should be upgraded to a stronger hash as soon as possible.

The following is the string value used by the FusionAuth API to request this algorithm.

phpass-md5

The following pseudocode is provided to help you identify if this algorithm is likely to match your current hashing scheme such that it can be used during import.

// Given a plain text password, a base64 encoded salt and a factorhash(password, salt, factor) { result = md5(join(bytes(salt), bytes(password))) count = 0 while count < factor { count = count + 1 temp = join(result, bytes(password)) result = md5(temp) } // encode and return the first 16 bytes of the result result = result[:16] return String(base64Encode(result))}

phpass SHA-512

version

Available Since Version 1.45.0

Salted MD5

MD5 is a general purpose hashing algorithm producing a 128-bit hash. This is weak hash that has been shown to be compromised and is vulnerable to brute force attacks. This hash is provided for migration purposes and it should be upgraded to a stronger hash as soon as possible. A recommended minimum factor for this hashing algorithm is 20,000.

The following is the string value used by the FusionAuth API to request this algorithm.

salted-md5

The following pseudocode is provided to help you identify if this algorithm is likely to match your current hashing scheme such that it can be used during import.

// Given a plain text password, a base64 encoded salt and a factorhash(password, salt, factor) { result = join(bytes(password), base64Decode(bytes(salt)) count = 0 while count < factor { count = count + 1 result = md5(result) } return result}

Salted SHA-256

SHA-256 is part of the SHA-2 set of cryptographic standards. SHA-256 is a general purpose hash and similar to MD5 it was designed to be fast which makes it a less than ideal choice for a password hashing. This hash is mainly provided for migration purposes or where login performance is very critical. If login performance has not become an issue a stronger scheme should be utilized. A recommended minimum factor for this hashing algorithm is 20,000.

Salted HMAC SHA-256

HMAC SHA-256 is a hash based message authentication code. This scheme is still vulnerable to brute force attacks and like MD5 and SHA-256 is mainly provided for migration purposes or where login performance is very critical. If login performance has not become an issue a stronger scheme should be utilized. This scheme does not utilize a factor.

The following is the string value used by the FusionAuth API to request this algorithm.

salted-hmac-sha256

The following pseudocode is provided to help you identify if this algorithm is likely to match your current hashing scheme such that it can be used during import.

// Given a plain text password, a base64 encoded salt and a factorhash(password, salt, factor) { key = { salt: base64Decode(bytes(salt) algorithm: "HmacSHA256" } hmac = Mac("HmacSHA256") result = hmac(bytes(password)) return String(base64Encode(result))}

Salted PBKDF2 HMAC SHA-256

PBKDF2 (Password-Based Key Derivation Function2) applies a hash-based message authentication code (HMAC) to the salted input and iterates based upon a factor to produce the hashed output. A recommended factor for this hashing algorithm is between 5,000 and 100,000 depending on the CPU performance of your system.

FusionAuth provides two implementations of this algorithm, one with a 256 bit derived key, and another with 512 bit key.

The following are the two string values used by the FusionAuth API to request this algorithm with the 256 bit and the 512 bit key algorithm respectively.

salted-pbkdf2-hmac-sha256
salted-pbkdf2-hmac-sha256-512

The following pseudocode is provided to help you identify if this algorithm is likely to match your current hashing scheme such that it can be used during import. The following example code shows a 256 key length, the pseudocode is the same for the 512 bit key.

// Given a plain text password, a base64 encoded salt and a factorhash(password, salt, factor) { key = { password: password salt: base64Decode(bytes(salt) factor: factor keyLength: 256 } secret = pbkdf2Sha256(key) return String(base64Encode(secret))}

Salted PBKDF2 HMAC SHA-512

version

Available Since Version 1.43.0

The following is the string value used by the FusionAuth API to request this algorithm with the 512 bit key algorithm.

salted-pbkdf2-hmac-sha512-512

The following pseudocode is provided to help you identify if this algorithm is likely to match your current hashing scheme such that it can be used during import.

// Given a plain text password, a base64 encoded salt and a factorhash(password, salt, factor) { key = { password: password salt: base64Decode(bytes(salt) factor: factor keyLength: 512 } secret = pbkdf2Sha512(key) return String(base64Encode(secret))}

Salted Bcrypt

Bcrypt is a password hashing function based on the Blowfish cipher. A recommended factor for this hashing algorithm is between 8 and 14. Unlike the other mentioned hashing functions the factor for Bcrypt is not simply an iteration count. Bcrypt uses the factor as a work factor, the work factor will be calculated using the provided factor as power of 2. This means that the difference between a factor of 12 and 13 is 2x. For example 2^12 = 4096 and 2^13 = 8192.

The following is the string value used by the FusionAuth API to request this algorithm.

bcrypt

The following pseudocode is provided to help you identify if this algorithm is likely to match your current hashing scheme such that it can be used during import.

// Given a plain text password, a base64 encoded salt and a factorhash(password, salt, factor) { // Note that bcrypt uses a less common base64 character set for encoding and decoding. // - The character set is: [./A-Za-z0-9] passwordBytes = bytes(password) saltBytes = base64Decode(bytes(salt)) result = bcrypt(passwordBytes, saltBytes, factor, bcryptIV) resultLength = length(bcryptIV) * 4 - 1 result = sub(result, 0, resultLength) return base64Encode(result)}

Additional Schemes

If you require a different hashing scheme, you can build a password hashing plugin.

You may also want to review the community provided plugins repository.These are provided without any warranty of suitability but may prove useful.

FAQs

What algorithm is used to hash passwords? ›

To protect passwords, experts suggest using a strong and slow hashing algorithm like Argon2 or Bcrypt, combined with salt (or even better, with salt and pepper). (Basically, avoid faster algorithms for this usage.) To verify file signatures and certificates, SHA-256 is among your best hashing algorithm choices.

Read On ›

Is SHA-256 good for passwords? ›

SHA256 is a very popular hashing algorithm and was and is extremely common in password management. The algorithm itself is considered secure — it is impossible to reverse the encryption, so that's not the issue.

Discover More Details ›

What is the SHA-256 password algorithm? ›

If the words and symbols are the same, the 256-bit long hash would be the same, too. But if you change one little detail, the output will be different. Hashing algorithms like SHA-256 can take short passwords and 100,000-word e-books and pass them through a number of complex steps to produce a 256-bit hash value.

Is bcrypt better than SHA-256? ›

Another important detail is that SHA256 hashes don't include the salt element, which makes them more susceptible to dictionary-based cyberattacks. So while SHA256 is more suitable for applications that require frequent interaction, bcrypt is a better solution for safely storing passwords.

See Details ›

How do hackers get password hashes? ›

Once the attacker gains access to the compromised account with the stolen credentials, they may use various techniques to extract password hashes. They may scrape the active memory of the compromised system or explore system files and configuration settings to find valid password hashes.

Find Out More ›

What is the best hashing for passwords? ›

While Argon2id should be the best choice for password hashing, scrypt should be used when the former is not available. Like Argon2id, scrypt has three different parameters that can be configured: the minimum CPU/memory cost parameter (N), the blocksize (r) and the degree of parallelism (p).

Tell Me More ›

Is SHA-256 obsolete? ›

"SHA-2" is the traditional codename for a family of six functions that includes SHA-256 and SHA-512. These functions are considered completely fine and current and non-obsolete.

Show Me More ›

Is SHA 512 overkill? ›

SHA-512 Weaknesses

Slower performance than SHA-256 on 32-bit systems. Larger memory and resource requirements. SHA-256 is more widely used and has less ubiquitous support. 512-bit hashes are overkill in many non-critical use cases.

Explore More ›

How hard is it to crack SHA-256? ›

SHA256 uses "one way function" - "easy" to compute, but "hard" to reverse. For a hash function to be mathematically secure, it needs to have a formal proof that the computational complexity of a preimage or collision attack (depending on the threat) meets some criteria.

What is the weakness of SHA-256? ›

Other Limitation - Unlike some newer algorithms like BLAKE2, SHA256 cannot mathematically guarantee zero chance of collisions. While the probability is extremely low, it's not entirely eliminated. Despite its limitations, it remains a robust and secure choice.

Show Me More ›

Is it possible to reverse SHA-256? ›

Irreversible: By design, all hash functions such as the SHA 256 are irreversible. You should neither get a plaintext when you have the digest beforehand nor should the digest provide its original value when you pass it through the hash function again.

Read The Full Story ›

Can SHA-256 be broken? ›

In any case bitcoin will not survive the breaking of sha256 and this will happen in less than 10 years. Sha256 will be replaced, but even if it's cracked before a replacement, there are alternatives ready to be deployed with a fork.

See Details ›

What is the safest hashing algorithm? ›

Common attacks like brute force attacks can take years or even decades to crack the hash digest, so SHA-2 is considered the most secure hash algorithm.

Get More Info Here ›

What is the strongest SHA algorithm? ›

Final Thoughts on What Is the Most Secure Hashing Algorithm

To the time of writing, SHA-256 is still the most secure hashing algorithm out there. It has never been reverse engineered and is used by many software organizations and institutions, including the U.S. government, to protect sensitive information.

Is bcrypt safe for password hashing? ›

As you can see in the below table, the cost factor of bcrypt makes it extremely secure against brute force attacks thanks to its slow-working hashing algorithm.

Which algorithm is used for hashing? ›

Some common hashing algorithms include MD5, SHA-1, SHA-2, NTLM, and LANMAN. MD5: This is the fifth version of the Message Digest algorithm. MD5 creates 128-bit outputs. MD5 was a very commonly used hashing algorithm.

View Details ›

Is SHA-256 better than MD5? ›

SHA256 has several advantages over MD5 and SHA-1, such as producing a longer hash (256 bits) that is more resistant to collisions and brute-force attacks. Additionally, there are no known vulnerabilities or weaknesses with SHA256, unlike MD5 and SHA-1 which have been exploited by hackers and researchers.

What is the SHA-256 hashing algorithm? ›

SHA-256 refers to a cryptographic hash function that belongs to the SHA-2 (Secure Hash Algorithm 2) family. It generates a fixed-size 256-bit (32-byte) hash value from input data of arbitrary length. SHA-256 is widely used in cryptography and data integrity verification.

Learn More ›

What is hash key algorithm? ›

A hash key is the output from a hashing algorithm, where a specific input value is transformed into a distinct, unique string per input value. The purpose of hash keys in this context is to provide a surrogate key for business keys, composite business keys and business key combinations.

Discover More Details ›