Password Hashing Algorithms used in Software pronounced as [faus] (with a silent i) is a simple overview of password hashing algorithms used in software with authentication capabilities.
πThe goal is to evaluate the security of the algorithms used in the respective program.
β Rating is based on:
* in combination with another symbol
- Currently one of the best*: βοΈ
- Good but not perfect: π’
- Moderate: π‘
- Bad: π΄
- Couldn't be worse*: β
italic entry = legacy or outdated source
Overview about typical algorithms and their rating
| PH-Algorithm | Rating | Explanation |
|---|---|---|
| Argon2(i/d/id) (with/without Salt) | π’βοΈ | State-of-the-Art (Winner of Password Hashing Competition) [1] [2] [Git] |
| Yescrypt (with/without Salt) | π’βοΈ | Password Hashing Competition finalist with special recognitions [1] [2] |
| Catena (with/without Salt) | π’βοΈ | kind of scrypt, Password Hashing Competition finalist with special recognitions [1] [2] |
| Lyra2 (with/without Salt) | π’βοΈ | Password Hashing Competition finalist with special recognitions [1] [2] |
| Makwa (with/without Salt) | π’βοΈ | Password Hashing Competition finalist with special recognitions [1] [2] |
| Pufferfish (with/without Salt) | π’ | kind of blowfish, Password Hashing Competition finalist [1] [2] |
| bcrypt (with/without Salt) | π’ | kind of blowfish, crypt ($2a), [1] [2] |
| scrypt (with/without Salt) | π’ | [1] [2] |
| PBKDF2 (with Salt and/or high key-stretching) | π’ | [1] [2] [3] |
| SHA2/3 (with Salt and/or key-stretching) | π’ | crypt ($5, $6), [1] |
| Blake2b (with Salt and/or key-stretching) | π’ | [1] |
| PBKDF2 (without Salt and with high key-stretching) | π‘π’ | |
| SHA2/3 512 bit (without Salt) | π‘π’ | |
| Blake2b 512 bit (without Salt) | π‘π’ | |
| SHA2/3 256 bit (without Salt) | π‘ | |
| RIPEMD-160 (with Salt and/or key-stretching) | π΄π‘ | [1] [2] |
| SHA1 (with Salt and/or key-stretching) | π΄π‘ | collission + length extension attacks [1] [2] [3] |
| MD5 (with Salt and/or key-stretching) | π΄π‘ | crypt ($1), collission + length extension attacks [1] [2] |
| RIPEMD-160 (without Salt) | π΄ | |
| SHA1 (without Salt) | π΄ | |
| MD5 (without Salt) | π΄ | |
| GOST (without Salt) | π΄ | collission + preimage attacks [1] |
| MD4 (without/with Salt and/or key-stretching) | π΄β | Rainbow Tables available, Collission Attacks [1] |
| NTLM-Hash | π΄β | Based on MD4 without key-stretching, Salt, ..., [1] |
| DES | π΄β | obsolete Encryption-Algorithm, [1] |
| LM-Hash | π΄β | Rainbow Tables available, Collission Attacks, [1] [2] |
| CRC32 | π΄β | just a error-detecting code |
| General: Any Encryption Algorithm | π΄ | Encryption Key is somewhere on the system?!? |
Web-Applications / Software
| Program name | Versions | PH-Algorithm β Rating | Sources | Extras + Date accessed |
|---|---|---|---|---|
| Adobe | - | 3DES using ECB Mode β π΄β | [1] | password leak of 2013 β 19-02-2024 |
| Aegis Authenticator | all | scrypt β π’ | [1] | β 19-02-2024 |
| Ansible | all | MD5, blowfish β π΄ SHA256, SHA512 (default) (with Salt) β π’ |
[1] | β 19-02-2024 |
| Bareos | all | MD5 β π΄ | [1] | β 19-02-2024 |
| Bitwarden, Vaultwarden | all | PBKDF2 (with Salt and/or key-stretching (default: 600.000)) β π’ or Argon2id (64MiB, 3 times, 4 threads) β π’βοΈ |
[1], [2] | Salt is username/e-mail β 19-02-2024 |
| CheckMK | >2.1.0p16 >2.2.0b1 | bcrypt β π’ SHA256 (with Salt and/or key-stretching) β π’ |
[1] | β 19-02-2024 |
| CheckMK | <=2.1.0p16 <=2.2.0b1 | DES β π΄β MD5 (with Salt and/or key-stretching) β π΄π‘ SHA256 (with Salt and/or key-stretching) β π’ |
[1] | β 19-02-2024 |
| Drupal | all | based on PHP password_hash() (default: bcrypt) β π’ | [1] | β 19-02-2024 |
| FileGator | all | bcrypt (without Salt) β π’ | [1] | β 19-02-2024 |
| Froxlor | >= 2.0.0 | bcrypt β π’ Argon2(i,id) β π’βοΈ |
[1] | versions <2.0.0 uses Linux crypt() (see Linux section) β 19-02-2024 |
| Gitea | all | bcrypt, scrypt, PBKDF2 (with Salt) β π’ Argon2 with Salt, time=2, memory=64*1024, threads=8, keyLen=50 β π’βοΈ |
[1] | β 19-02-2024 |
| Gophish | all | bcrypt (without Salt) β π’ | [1] | β 19-02-2024 |
| ILIAS e-Learning | >5.(0,1,2).X | bcrypt (with/without Salt) β π’ | [1] | β 19-02-2024 |
| ILIAS e-Learning | <5.(0,1,2).X | MD5 without Salt β π΄ | [1] | β 19-02-2024 |
| ISPconfig | all | crypt Linux defaults β π΄π‘ or π’ | β 19-02-2024 | |
| Joomla | >4.0.0 | MD5 (without Salt) β π΄ bcrypt (default) β π’ Argon2(i, id) β π’βοΈ |
[1] | β 19-02-2024 |
| KeePass | >2.X | AES-KDF β π΄ Argon2(d, id) β π’βοΈ |
[1] | β 19-02-2024 |
| LastPass | - | PBKDF2 key-stretching 100.100 β π’ | [1] | β 19-02-2024 |
| LDAP | ? | SHA1, MD5 with and without Salt β π΄, π΄π‘ Linux crypt(3) (MD5, Blowfish, SHA2 (256, 512 bit)) with Salt and Key stretching β π΄π‘ up to π’ |
[1] [2] [3] | official RFC specifies no encryption/hash β 19-02-2024 |
| Mastodon | all | bcrypt β π’ | [1] | β 19-02-2024 |
| Mediawiki | >=? - <1.33 | MD5 (with/without Salt) β π΄, π΄π‘ PBKDF2, bcrypt (with/without Salt) β π’ |
[1] | β 03-03-2024 |
| Mediawiki | >=1.33 | MD5 (with/without Salt) β π΄, π΄π‘ PBKDF2, bcrypt (with/without Salt) β π’ Argon2(i, id) β π’βοΈ |
[1] | β 03-03-2024 |
| Moodle | <2.3 | MD5 β π΄ | [1] | β 19-02-2024 |
| Moodle | 2.3 - 4.3 | MD5 β π΄ bcrypt (with Salt) β π’ |
[1] | β 19-02-2024 |
| Moodle | >=4.3 | bcrypt (with Salt) β π’ SHA512 (with Salt and key-stretching) β π’ |
[1] | β 19-02-2024 |
| MySQL | <4.1 | custom 16 Byte construct (broken) β π΄β | [1] | β 19-02-2024 |
| MySQL/MariaDB mysql_native_password (default plugin) | > MySQL 4.1 | SHA1 construct with Salt and minimal key-stretching β π΄π‘ | [1], [2] | low key-stretching value, better algorithms available (ed25519 based, sha256 construct) [3] but not default, [4], this algorithm can be exploited [5] β 19-02-2024 |
| Nextcloud | all | bcrypt (without Salt) β π’ | [1] | β 19-02-2024 |
| Microsoft Office | 2007 | SHA1 (with key-stretching 50.000) β π΄π‘ | [1] | β 04-04-2024 |
| Microsoft Office | 2010 | SHA1 (with key-stretching 50.000) β π΄π‘ | [1] | β 04-04-2024 |
| Microsoft Office | 2013 | SHA1 (with key-stretching 100.000) β π΄π‘ SHA512 (with key-stretching 100.000) β π’ |
[1] | β 04-04-2024 |
| Microsoft Office | >= 2016 | SHA512 (with key-stretching 100.000) β π’ | [1] | β 04-04-2024 |
| ownCloud core | all | bcrypt (without Salt) β π’ | [1] | β 19-02-2024 |
| PI-hole | all | SHA2 256 bit without Salt, key-stretching 2x β π‘ | [1] | β 19-02-2024 |
| PostgreSQL | >? | Plain β π΄β MD5 (without Salt) β π΄ SCRAM-SHA-256 (like PBKDF2 with SHA256 and Salt (4096 iterations)) β π’ |
[1] [2] | β 19-02-2024 |
| Prestashop | all | MD5 (with Salt) β π΄ | [1] | β 19-02-2024 |
| Typo3 | all | MD5 (with Salt) β π΄ blowfish, phpass(with password stretching) β π΄ PBKDF2, bcrypt (without Salt) β π’ Argon2(i, id) β π’βοΈ |
[1] | β 19-02-2024 |
| Slack | - | SHA256 (with Salt) β π’ | [1] | β 19-02-2024 |
| urbackup | all | PBKDF2 with SHA512 Internet-User secret; without Salt, key-stretching 20.000 β π‘π’ PBKDF2 with MD5 Login-User; with Salt, key-stretching >0 β π‘ |
[1] [2] | low key-stretching value β 19-02-2024 |
| wg-portal | all | bcrypt (without Salt) β π’ | [1] | β 19-02-2024 |
| Wordpress | all | MD5 (with Salt + minimal key stretching) β π΄ | [1] | better algorithms just like Argon2id available with Plugins β 19-02-2024 |
| Zammad | all | SHA256 (without Salt) β π‘ Argon2(i) β π’βοΈ |
[1] | β 03-03-2024 |
Operating Systems
| Program name | Versions | PH-Algorithm β Rating | Sources | Extras + Date accessed |
|---|---|---|---|---|
| Linux (Debian, Ubuntu) | variable | DES β π΄β MD5, SHA1 (with Salt and/or key-stretching) β π΄π‘ bcrypt, scrypt, SHA256, SHA512 (with Salt and/or key-stretching) β π’ (gost-)yescrypt (with Salt) β π’βοΈ |
[1] [2] | based on current Debian specification β 19-02-2024 |
| Windows | <Vista | LM-Hash β π΄β NTLM-Hash β π΄β |
[1] | β 19-02-2024 |
| Windows | >=Vista | NTLM-Hash β π΄β | [1] | β 19-02-2024 |
Last Update: 19-02-2024
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent