You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

标签：var   strong   fun   hashlib   nbsp   time   iat   hashing   mes   

hashlib — Secure hashes and message digests — Python 3.8.3 documentation https://docs.python.org/3.8/library/hashlib.html#randomized-hashing

BLAKE2 https://blake2.net/#qa

Q: So I shouldn‘t use BLAKE2 for hashing user passwords? 

A: You shouldn‘t use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3. Instead you should use a password hashing function such as the PHC winner Argon2 with appropriate time and memory cost parameters, to mitigate the risk of bruteforce attacks—Argon2‘s core uses a variant of BLAKE2‘s permutation.

You shouldn't use *any* general-purpose hash function for user passwords, not BLAKE2, and not MD5, SHA-1, SHA-256, or SHA-3

标签：var   strong   fun   hashlib   nbsp   time   iat   hashing   mes   

原文地址：https://www.cnblogs.com/yuanjiangw/p/12987074.html