Bitcoin Forum

If you think your user's passwords are secure because you're using a 512-bit iterated hash salting algorithm, you're incredibly mistaken.

This article tells you why bcrypt should be the proper way to securely store our passwords:

http://codahale.com/how-to-safely-store-a-password/

Every day we hear about more systems being compromised, and frankly, I'm sick of my passwords getting stolen.  Let's start using secure password storage mechanisms instead of generic hashing algorithms and make the entire community more secure.

</soapbox mode=off>
<flame retardant suit=on>

They can simply use multi-iteration like one million times to achieve the same effects. It will put much load on the server, however, they should be able to find a best trade off.

Not really - multi-iteration salting doesn't scale with Moore's law.  When faster CPUs/GPUs come out next year you would have to keep increasing the number of salting iterations.  All of these salting iterations are hand-coded as well, making it tremendously tedious to keep updating.

Normal hash functions like MDA5, SHA-1, SHA-256 are designed to be incredibly fast.  We don't want figuring out passwords to be this fast, so bcrypt is a perfect algorithm because it was designed to have a work factor so that it can be made slower.

I would much rather have to wait 100ms to login to a secure BTC exchange rather than have my password brute-forced by a GPU cracker in just a few seconds.

Stormy, the article you linked to makes a strong case for using bcrypt. Do you know of an article that discusses the practicalities, preferably with source code examples or a library?

Yes, my recommendation would be to use a publicly available library like phpass (if your website is PHP based).  The public libraries have had more sets of eyes to look them over and find potential security problems:

http://www.openwall.com/phpass/

And here is an example of how to code this:

http://stackoverflow.com/questions/1581610/help-me-make-my-password-storage-safe/1581919#1581919