Storing Passwords
…storing plaintext passwords in the database is strictly forbidden—that there’s a better way, starting with basic hashes.
Hashing the passwords prevents plaintext exposure, but it also means you’ll be vulnerable to the astonishingly effective rainbow table attack I documented last week. Hashes alone are better than plain text, but barely. It’s not enough to thwart a determined attacker. Fortunately, the kryptonite for rainbow table attacks is simple enough—add a salt value to the hashes to make them unique.
The problem is that MD5 is fast. So are its modern competitors, like SHA1 and SHA256. Speed is a design goal of a modern secure hash, because hashes are a building block of almost every cryptosystem, and usually get demand-executed on a per-packet or per-message basis.
Speed is exactly what you don’t want in a password hash function.
