key stretching

Architect

Feb 25, 2016 · Information Security

Proper Password Hashing: Salting, Key Stretching, and Secure Implementation

This article explains why simple password hashing is insufficient, describes common attacks such as dictionary, brute‑force, lookup‑table and rainbow‑table attacks, and provides best‑practice guidance—including random salts, CSPRNGs, key‑stretching algorithms like PBKDF2, bcrypt and scrypt—and complete PHP reference implementations.