# Password Hashing Algorithms used in Software

Password Hashing Algorithms used in Software, pronounced [faus] (with a silent i), is a simple overview of the password hashing algorithms used in software with authentication capabilities.

👉 The goal is to evaluate the security of the password hashing algorithms used in the respective program.

❔ Ratings are based on:

- Currently one of the best*: ✔️
- Good but not perfect: 🟢
- Moderate: 🟡
- Bad: 🔴
- Couldn't be worse*: ❌

\* only in combination with another symbol

*Italic entry* = legacy or outdated source
## Overview of typical algorithms and their rating

PH-Algorithm | Rating | Explanation |
---|---|---|
Argon2 (i/d/id) (with/without Salt) | 🟢✔️ | state of the art (winner of the Password Hashing Competition) [1] [2] [Git] |
Yescrypt (with/without Salt) | 🟢✔️ | Password Hashing Competition finalist with special recognition [1] [2] |
Catena (with/without Salt) | 🟢✔️ | scrypt-like, Password Hashing Competition finalist with special recognition [1] [2] |
Lyra2 (with/without Salt) | 🟢✔️ | Password Hashing Competition finalist with special recognition [1] [2] |
Makwa (with/without Salt) | 🟢✔️ | Password Hashing Competition finalist with special recognition [1] [2] |
Pufferfish (with/without Salt) | 🟢 | Blowfish-based, Password Hashing Competition finalist [1] [2] |
bcrypt (with/without Salt) | 🟢 | Blowfish-based, crypt ($2a) [1] [2] |
scrypt (with/without Salt) | 🟢 | [1] [2] |
PBKDF2 (with Salt and/or high key-stretching) | 🟢 | [1] [2] [3] |
SHA2/3 (with Salt and/or key-stretching) | 🟢 | crypt ($5, $6) [1] |
Blake2b (with Salt and/or key-stretching) | 🟢 | [1] |
PBKDF2 (without Salt, with high key-stretching) | 🟡🟢 | |
SHA2/3 512 bit (without Salt) | 🟡🟢 | |
Blake2b 512 bit (without Salt) | 🟡🟢 | |
SHA2/3 256 bit (without Salt) | 🟡 | |
RIPEMD-160 (with Salt and/or key-stretching) | 🔴🟡 | [1] [2] |
SHA1 (with Salt and/or key-stretching) | 🔴🟡 | collision and length-extension attacks [1] [2] [3] |
MD5 (with Salt and/or key-stretching) | 🔴🟡 | crypt ($1), collision and length-extension attacks [1] [2] |
RIPEMD-160 (without Salt) | 🔴 | |
SHA1 (without Salt) | 🔴 | |
MD5 (without Salt) | 🔴 | |
GOST (without Salt) | 🔴 | collision and preimage attacks [1] |
MD4 (with/without Salt and/or key-stretching) | 🔴❌ | rainbow tables available, collision attacks [1] |
NTLM-Hash | 🔴❌ | based on MD4, without key-stretching or Salt [1] |
DES | 🔴❌ | obsolete encryption algorithm [1] |
LM-Hash | 🔴❌ | rainbow tables available, collision attacks [1] [2] |
CRC32 | 🔴❌ | just an error-detecting code, not a password hash |
General: any encryption algorithm | 🔴 | the encryption key has to be stored somewhere on the same system |
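The two properties the rating table keys on, a per-user Salt and key-stretching, can be seen directly with the Python standard library. The following is an added example written for this page, not code from the PHAUS project or from any of the programs listed below; the cost parameters (600,000 PBKDF2 iterations, scrypt n=2^14/r=8/p=1) and the `scheme$iterations$salt$digest` record format are assumptions chosen for the example.

```python
"""Added example (not part of the PHAUS overview): why the rating table
separates "with Salt and key-stretching" from "without Salt".
Uses only the Python standard library; cost parameters are assumptions."""
import hashlib
import hmac
import os
import time


def unsalted_sha256(password: bytes) -> bytes:
    # "SHA2 256 bit (without Salt)" row: one fast, deterministic hash.
    return hashlib.sha256(password).digest()


def salted_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bytes:
    # "PBKDF2 (with Salt and/or high key-stretching)" row: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def salted_scrypt(password: bytes, salt: bytes) -> bytes:
    # "scrypt (with Salt)" row; n/r/p are example cost parameters (assumption).
    return hashlib.scrypt(password, salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def stored_hashes_collide(scheme: str, password: bytes = b"correct horse") -> bool:
    """Two accounts choose the same password. With an unsalted scheme the stored
    hashes are identical, so one precomputed table covers every account; a
    per-user random Salt makes each stored value unique."""
    if scheme == "sha256":
        return unsalted_sha256(password) == unsalted_sha256(password)
    if scheme == "pbkdf2":
        return salted_pbkdf2(password, os.urandom(16), 1000) == salted_pbkdf2(password, os.urandom(16), 1000)
    if scheme == "scrypt":
        return salted_scrypt(password, os.urandom(16)) == salted_scrypt(password, os.urandom(16))
    raise ValueError(f"unknown scheme {scheme!r}")


def seconds_per_guess(hash_fn, repeats: int = 5) -> float:
    """Average wall-clock cost of one hash evaluation: what one candidate
    password costs whoever tries it, and what the server pays per login."""
    start = time.perf_counter()
    for _ in range(repeats):
        hash_fn()
    return (time.perf_counter() - start) / repeats


def make_record(password: bytes, iterations: int = 600_000) -> str:
    """Self-describing stored record (format is an assumption for this example):
    scheme$iterations$salt_hex$digest_hex, so the cost can be raised later
    without invalidating existing records."""
    salt = os.urandom(16)
    digest = salted_pbkdf2(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_record(password: bytes, record: str) -> bool:
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError(f"unsupported scheme {scheme!r}")
    actual = salted_pbkdf2(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so the check itself leaks nothing about the digest.
    return hmac.compare_digest(actual, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    for scheme in ("sha256", "pbkdf2", "scrypt"):
        print(f"{scheme:7s} identical stored hashes for same password: {stored_hashes_collide(scheme)}")
    fast = seconds_per_guess(lambda: unsalted_sha256(b"hunter2"))
    slow = seconds_per_guess(lambda: salted_pbkdf2(b"hunter2", b"\x00" * 16, 600_000))
    print(f"cost per guess: sha256 {fast:.2e}s, pbkdf2(600k) {slow:.2e}s, ratio ~{slow / fast:.0f}x")
    rec = make_record(b"hunter2")
    print(rec)
    print("verify right password:", verify_record(b"hunter2", rec))
    print("verify wrong password:", verify_record(b"hunter3", rec))
```

Running the block prints that the unsalted scheme yields identical stored hashes for two users with the same password while the salted schemes do not, and shows the per-guess cost ratio between a bare SHA256 and a stretched PBKDF2, which is the difference between the 🟡 and 🟢 rows above.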
## Web Applications / Software

Program name | Versions | PH-Algorithm → Rating | Sources | Extras + Date accessed |
---|---|---|---|---|
Adobe | - | 3DES in ECB mode → 🔴❌ | [1] | password leak of 2013 → 19-02-2024 |
Aegis Authenticator | all | scrypt → 🟢 | [1] | → 19-02-2024 |
Ansible | all | MD5, Blowfish → 🔴; SHA256, SHA512 (default, with Salt) → 🟢 | [1] | → 19-02-2024 |
Bareos | all | MD5 → 🔴 | [1] | → 19-02-2024 |
Bitwarden, Vaultwarden | all | PBKDF2 (with Salt and key-stretching, default 600,000 iterations) → 🟢 or Argon2id (64 MiB memory, 3 iterations, 4 threads) → 🟢✔️ | [1], [2] | Salt is the username/e-mail → 19-02-2024 |
CheckMK | >2.1.0p16, >2.2.0b1 | bcrypt → 🟢; SHA256 (with Salt and/or key-stretching) → 🟢 | [1] | → 19-02-2024 |
CheckMK | <=2.1.0p16, <=2.2.0b1 | DES → 🔴❌; MD5 (with Salt and/or key-stretching) → 🔴🟡; SHA256 (with Salt and/or key-stretching) → 🟢 | [1] | → 19-02-2024 |
Drupal | all | based on PHP password_hash() (default: bcrypt) → 🟢 | [1] | → 19-02-2024 |
FileGator | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
Froxlor | >=2.0.0 | bcrypt → 🟢; Argon2(i, id) → 🟢✔️ | [1] | versions <2.0.0 use Linux crypt() (see Operating Systems section) → 19-02-2024 |
Gitea | all | bcrypt, scrypt, PBKDF2 (with Salt) → 🟢; Argon2 (with Salt, time=2, memory=64*1024, threads=8, keyLen=50) → 🟢✔️ | [1] | → 19-02-2024 |
Gophish | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
ILIAS e-Learning | >5.(0,1,2).X | bcrypt (with/without Salt) → 🟢 | [1] | → 19-02-2024 |
ILIAS e-Learning | <5.(0,1,2).X | MD5 (without Salt) → 🔴 | [1] | → 19-02-2024 |
ISPconfig | all | Linux crypt() defaults (see Operating Systems section) → 🔴🟡 or 🟢 | | → 19-02-2024 |
Joomla | >4.0.0 | MD5 (without Salt) → 🔴; bcrypt (default) → 🟢; Argon2(i, id) → 🟢✔️ | [1] | → 19-02-2024 |
Joplin | all; >3.2.1 | SHA256 (without Salt) → 🟡; PBKDF2 (with Salt and key-stretching, 220,000 iterations; >3.2.1) → 🟢 | [1] [2] | → 14-12-2024 |
KeePass | >2.X | AES-KDF → 🔴; Argon2(d, id) → 🟢✔️ | [1] | → 19-02-2024 |
LastPass | - | PBKDF2 (key-stretching 100,100) → 🟢 | [1] | → 19-02-2024 |
LDAP | ? | SHA1, MD5 (with and without Salt) → 🔴, 🔴🟡; Linux crypt(3) (MD5, Blowfish, SHA2 256/512 bit; with Salt and key-stretching) → 🔴🟡 up to 🟢 | [1] [2] [3] | the official RFC specifies no hash or encryption → 19-02-2024 |
Mastodon | all | bcrypt → 🟢 | [1] | → 19-02-2024 |
Mediawiki | >=? - <1.33 | MD5 (with/without Salt) → 🔴, 🔴🟡; PBKDF2, bcrypt (with/without Salt) → 🟢 | [1] | → 03-03-2024 |
Mediawiki | >=1.33 | MD5 (with/without Salt) → 🔴, 🔴🟡; PBKDF2, bcrypt (with/without Salt) → 🟢; Argon2(i, id) → 🟢✔️ | [1] | → 03-03-2024 |
Moodle | <2.3 | MD5 → 🔴 | [1] | → 14-12-2024 |
Moodle | 2.3 - 4.3 | MD5 → 🔴; bcrypt (with Salt) → 🟢 | [1] | → 14-12-2024 |
Moodle | >=4.3 | bcrypt (with Salt) → 🟢; SHA512 (with Salt and key-stretching) → 🟢 | [1] | → 14-12-2024 |
MotionEye | all | SHA1 (without Salt) → 🔴 | [1] | → 14-12-2024 |
MySQL | <4.1 | custom 16-byte construct (broken) → 🔴❌ | [1] | → 19-02-2024 |
MySQL/MariaDB mysql_native_password (default plugin) | >MySQL 4.1 | SHA1 construct with Salt and minimal key-stretching → 🔴🟡 | [1], [2] | low key-stretching value; better algorithms are available (ed25519-based, SHA256 construct) [3] but are not the default [4]; this algorithm can be exploited [5] → 19-02-2024 |
Nextcloud | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
Microsoft Office | 2007 | SHA1 (with key-stretching 50,000) → 🔴🟡 | [1] | → 04-04-2024 |
Microsoft Office | 2010 | SHA1 (with key-stretching 50,000) → 🔴🟡 | [1] | → 04-04-2024 |
Microsoft Office | 2013 | SHA1 (with key-stretching 100,000) → 🔴🟡; SHA512 (with key-stretching 100,000) → 🟢 | [1] | → 04-04-2024 |
Microsoft Office | >=2016 | SHA512 (with key-stretching 100,000) → 🟢 | [1] | → 04-04-2024 |
ownCloud core | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
PI-hole | all | SHA2 256 bit (without Salt, key-stretching 2x) → 🟡 | [1] | → 19-02-2024 |
PostgreSQL | >? | plain → 🔴❌; MD5 (without Salt) → 🔴; SCRAM-SHA-256 (PBKDF2-like with SHA256 and Salt, 4096 iterations) → 🟢 | [1] [2] | → 19-02-2024 |
Prestashop | all | MD5 (with Salt) → 🔴 | [1] | → 19-02-2024 |
Typo3 | all | MD5 (with Salt) → 🔴; Blowfish, phpass (with password stretching) → 🔴; PBKDF2, bcrypt (without Salt) → 🟢; Argon2(i, id) → 🟢✔️ | [1] | → 19-02-2024 |
Slack | - | SHA256 (with Salt) → 🟢 | [1] | → 19-02-2024 |
urbackup | all | PBKDF2 with SHA512 (Internet user secret; without Salt, key-stretching 20,000) → 🟡🟢; PBKDF2 with MD5 (login user; with Salt, key-stretching >0) → 🟡 | [1] [2] | low key-stretching value → 19-02-2024 |
wg-portal | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
Wordpress | all | MD5 (with Salt and minimal key-stretching) → 🔴 | [1] | better algorithms such as Argon2id are available via plugins → 19-02-2024 |
Zammad | all | SHA256 (without Salt) → 🟡; Argon2(i) → 🟢✔️ | [1] | → 03-03-2024 |
## Operating Systems

Program name | Versions | PH-Algorithm → Rating | Sources | Extras + Date accessed |
---|---|---|---|---|
Linux (Debian, Ubuntu) | variable | DES → 🔴❌; MD5, SHA1 (with Salt and/or key-stretching) → 🔴🟡; bcrypt, scrypt, SHA256, SHA512 (with Salt and/or key-stretching) → 🟢; (gost-)yescrypt (with Salt) → 🟢✔️ | [1] [2] | based on the current Debian specification → 19-02-2024 |
Windows | <Vista | LM-Hash → 🔴❌; NTLM-Hash → 🔴❌ | [1] | → 19-02-2024 |
Windows | >=Vista | NTLM-Hash → 🔴❌ | [1] | → 19-02-2024 |
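The Linux row lists several algorithms because crypt(3) selects the scheme by the `$id$` prefix of the stored string, so a single system can carry a mix of DES, MD5, SHA-2 and yescrypt entries. The following added example (written for this page, not code from PHAUS or from any distribution) classifies /etc/shadow-style entries by that prefix and maps them to the ratings of the Linux row, so an administrator can list accounts that still use a 🔴-rated scheme. The prefix table is the standard glibc/libxcrypt one; the shadow lines are constructed sample data, not real credentials.

```python
"""Added example (not part of PHAUS): classify crypt(3) hash strings, as found
in /etc/shadow, by the algorithm identifiers the Linux row refers to and
report accounts whose hash is rated 🔴 on this page.
SAMPLE below is constructed test data, not real credentials."""
import re

# Modular-crypt-format identifiers as used by glibc / libxcrypt.
PREFIXES = {
    "1": "MD5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "SHA256", "6": "SHA512", "7": "scrypt",
    "y": "yescrypt", "gy": "gost-yescrypt",
}
# Ratings copied from the page's Linux row.
RATING = {"DES": "🔴❌", "MD5": "🔴🟡", "bcrypt": "🟢", "scrypt": "🟢",
          "SHA256": "🟢", "SHA512": "🟢", "yescrypt": "🟢✔️", "gost-yescrypt": "🟢✔️"}


def classify(hash_field: str) -> dict:
    """Return algorithm, rating and (where the string encodes it) the
    key-stretching parameter for one shadow hash field."""
    if hash_field in ("", "*") or hash_field.startswith("!"):
        return {"algorithm": "locked/no password", "rating": None, "rounds": None}
    m = re.match(r"^\$([^$]+)\$(.*)$", hash_field)
    if not m:
        # A 13-character string with no '$' is traditional DES crypt.
        if len(hash_field) == 13:
            return {"algorithm": "DES", "rating": RATING["DES"], "rounds": None}
        return {"algorithm": "unknown", "rating": None, "rounds": None}
    ident, rest = m.groups()
    algo = PREFIXES.get(ident, "unknown")
    rounds = None
    if algo in ("SHA256", "SHA512"):
        r = re.match(r"rounds=(\d+)\$", rest)
        rounds = int(r.group(1)) if r else 5000  # sha-crypt default when omitted
    elif algo == "bcrypt":
        rounds = 2 ** int(rest.split("$")[0])  # cost factor is log2 of the iterations
    return {"algorithm": algo, "rating": RATING.get(algo), "rounds": rounds}


def audit_shadow(lines):
    """Yield (user, algorithm, rating, rounds) for each shadow-style line."""
    for line in lines:
        fields = line.split(":")
        if len(fields) < 2:
            continue
        c = classify(fields[1])
        yield fields[0], c["algorithm"], c["rating"], c["rounds"]


def weak_accounts(lines):
    """Users whose stored hash uses a scheme rated 🔴 on this page."""
    return [user for user, _algo, rating, _r in audit_shadow(lines)
            if rating and "🔴" in rating]


# Constructed sample entries (hash bodies are filler, not real hashes).
SAMPLE = [
    "legacy:$1$abcdefgh$0123456789abcdefghijkl:19000:0:99999:7:::",
    "tuned:$6$rounds=100000$saltsalt$" + "x" * 86 + ":19000:0:99999:7:::",
    "default:$6$saltsalt$" + "x" * 86 + ":19000:0:99999:7:::",
    "modern:$y$j9T$saltsaltsalt$" + "y" * 43 + ":19000:0:99999:7:::",
    "bc:$2b$12$" + "z" * 53 + ":19000:0:99999:7:::",
    "olddes:abcdefghijklm:19000:0:99999:7:::",
    "nologin:!:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, algo, rating, rounds in audit_shadow(SAMPLE):
        print(f"{user:8s} {algo:18s} {rating or '-':6s} rounds={rounds}")
    print("accounts with 🔴-rated hashes:", weak_accounts(SAMPLE))
```

On a real system the same functions can be fed the lines of /etc/shadow (root access required); the `rounds` value is what the `key-stretching` column of the tables refers to, and raising it for SHA-crypt entries is done via the `rounds=` parameter visible in the string.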
Last Update: 19-02-2024