"Back in January, I was having a casual conversation about
passwords at a local gathering about security and was asked what we
use for storing the passwords. I stated that we are using sha-512
w/ per user salts but we are looking at moving away from this
standard to something much stronger.
The response that I received from this person was pretty much in
line with other comments I have received and seen on some of our
forums. The two most common responses are: "Oh good, you are using
per user salts" and "yeah, using sha-512 is much better than md5."
Granted, these comments are true; using sha-512 is better than
using md5 and better than not using per user salts, but there is
still a weakness that I feel is overlooked."