Password Encryption Algorithms: Just Use BCrypt?

I started off researching the question “What are some common encryption algorithms and their tradeoffs?” And I came across the (more general and arguably more interesting) question of “How much should we as developers be informed before we can make informed decisions?”

Encryption Questions

Encryption topics make the rounds on the internet from time to time, and many times there is a chorus of “Just Use BCrypt.” Cryptography can be a very involved subject that you probably don’t have time to dedicate your life to, and you could easily make dangerous mistakes if you stray from the tried and true.

On the other hand, blindly accepting decisions made for you can also be dangerous. Is it following a cargo cult to say “Just Use BCrypt”?

My Take On It

So: What encryption algorithm should I use? After a couple hours of due diligence, I don’t have a problem with just using bcrypt. As far as I can tell it’s well understood and is widely accepted and used. We can use that answer instead of “the internet told me to.” 🙂

How much should I be informed before I can make that informed decision? After doing SOME research, it’s not hard to at least see what the options are and decide if there’s a consensus in the community around that specific area. I feel that as a professional, it’s my responsibility to deliver the best value. Learning the deep intricacies of cryptography does not deliver as much value towards my software as performing due diligence, making a reasonable choice, educating myself on proper usage, and moving forward.

Otherwise… disastrous hilarity ensues!

Questions

What encryption algorithm do you use for passwords in your system? How much about cryptography did you learn before making what you felt was an informed decision?

Filed under Software Engineering

One response to “Password Encryption Algorithms: Just Use BCrypt?”

  1. I’m in the process of moving to bcrypt for all my stuff as well as it being my default answer to what people should use.
