bcrypt

PBKDF2

LastPass

In November 2013, we proposed the following for storing your customers’ passwords safely:

  • A process called PBKDF2 to mangle your real password into a storable representation.
  • A hash called HMAC-SHA-256 as the hashing function inside PBKDF2.
  • At least 10,000 iterations of the hash function for “stretching” (time-consumption) purposes.

scrypt