From c542ee14ada7f3222db1caf8dcc55ef5a0afdd10 Mon Sep 17 00:00:00 2001 From: AlexOConnorHub Date: Wed, 23 Jun 2021 23:49:35 -0400 Subject: [PATCH 1/2] Update security-passwords.md to more correct word Fundamentally, hashes cannot be `reversed`, rather they are cracked. --- docs/guide/security-passwords.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guide/security-passwords.md b/docs/guide/security-passwords.md index 68d1950..5fa50b4 100644 --- a/docs/guide/security-passwords.md +++ b/docs/guide/security-passwords.md @@ -3,7 +3,7 @@ Working with Passwords Most developers know that passwords cannot be stored in plain text, but many developers believe it's still safe to hash passwords using `md5` or `sha1`. There was a time when using the aforementioned hashing algorithms was sufficient, -but modern hardware makes it possible to reverse such hashes and even stronger ones very quickly using brute force attacks. +but modern hardware makes it possible to cracked such hashes and even stronger ones very quickly using brute force attacks. In order to provide increased security for user passwords, even in the worst case scenario (your application is breached), you need to use a hashing algorithm that is resilient against brute force attacks. The best current choice is `bcrypt`. From 1affade837d71ab210d30e8725d48503b89c1025 Mon Sep 17 00:00:00 2001 From: AlexOConnorHub Date: Thu, 24 Jun 2021 07:37:43 -0400 Subject: [PATCH 2/2] Update docs/guide/security-passwords.md Co-authored-by: Bizley --- docs/guide/security-passwords.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guide/security-passwords.md b/docs/guide/security-passwords.md index 5fa50b4..5edce28 100644 --- a/docs/guide/security-passwords.md +++ b/docs/guide/security-passwords.md 
@@ -3,7 +3,7 @@ Working with Passwords Most developers know that passwords cannot be stored in plain text, but many developers believe it's still safe to hash passwords using `md5` or `sha1`. There was a time when using the aforementioned hashing algorithms was sufficient, -but modern hardware makes it possible to cracked such hashes and even stronger ones very quickly using brute force attacks. +but modern hardware makes it possible to crack such hashes and even stronger ones very quickly using brute force attacks. In order to provide increased security for user passwords, even in the worst case scenario (your application is breached), you need to use a hashing algorithm that is resilient against brute force attacks. The best current choice is `bcrypt`.
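Review bot: In PATCH 1/2, the added line reads "makes it possible to cracked such hashes", which is ungrammatical: after "to" the verb should be the infinitive "crack". PATCH 2/2 makes exactly that correction, so the two commits could be squashed into one to keep the broken intermediate wording out of the history.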
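Review bot: In PATCH 2/2, the subject "Update docs/guide/security-passwords.md" does not say what the one-line change in this hunk does; a subject that names the fix (the verb form "cracked" corrected to "crack") would make the log readable without opening the diff. As a smaller style point on the same added line, "brute force attacks" is a compound modifier and would normally be hyphenated as "brute-force attacks", which would also apply to the unchanged context line that follows it.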