Password Hashing Algorithms used in Software pronounced as [faus] (with a silent i) is a simple overview of password hashing algorithms used in software with authentication capabilities.
👉The goal is to evaluate the security of the algorithms used in the respective program.
❔ Rating is based on:
* in combination with another symbol
- Currently one of the best*: ✔️
- Good but not perfect: 🟢
- Moderate: 🟡
- Bad: 🔴
- Couldn't be worse*: ❌
italic entry = legacy or outdated source
Overview about typical algorithms and their rating
| PH-Algorithm | Rating | Explanation |
|---|---|---|
| Argon2(i/d/id) (with/without Salt) | 🟢✔️ | State-of-the-Art (Winner of Password Hashing Competition) [1] [2] [Git] |
| Yescrypt (with/without Salt) | 🟢✔️ | Password Hashing Competition finalist with special recognitions [1] [2] |
| Catena (with/without Salt) | 🟢✔️ | kind of scrypt, Password Hashing Competition finalist with special recognitions [1] [2] |
| Lyra2 (with/without Salt) | 🟢✔️ | Password Hashing Competition finalist with special recognitions [1] [2] |
| Makwa (with/without Salt) | 🟢✔️ | Password Hashing Competition finalist with special recognitions [1] [2] |
| Pufferfish (with/without Salt) | 🟢 | kind of blowfish, Password Hashing Competition finalist [1] [2] |
| bcrypt (with/without Salt) | 🟢 | kind of blowfish, crypt ($2a), [1] [2] |
| scrypt (with/without Salt) | 🟢 | [1] [2] |
| PBKDF2 (with Salt and/or high key-stretching) | 🟢 | [1] [2] [3] |
| SHA2/3 (with Salt and/or key-stretching) | 🟢 | crypt ($5, $6), [1] |
| Blake2b (with Salt and/or key-stretching) | 🟢 | [1] |
| PBKDF2 (without Salt and with high key-stretching) | 🟡🟢 | |
| SHA2/3 512 bit (without Salt) | 🟡🟢 | |
| Blake2b 512 bit (without Salt) | 🟡🟢 | |
| SHA2/3 256 bit (without Salt) | 🟡 | |
| RIPEMD-160 (with Salt and/or key-stretching) | 🔴🟡 | [1] [2] |
| SHA1 (with Salt and/or key-stretching) | 🔴🟡 | collission + length extension attacks [1] [2] [3] |
| MD5 (with Salt and/or key-stretching) | 🔴🟡 | crypt ($1), collission + length extension attacks [1] [2] |
| RIPEMD-160 (without Salt) | 🔴 | |
| SHA1 (without Salt) | 🔴 | |
| MD5 (without Salt) | 🔴 | |
| GOST (without Salt) | 🔴 | collission + preimage attacks [1] |
| MD4 (without/with Salt and/or key-stretching) | 🔴❌ | Rainbow Tables available, Collission Attacks [1] |
| NTLM-Hash | 🔴❌ | Based on MD4 without key-stretching, Salt, ..., [1] |
| DES | 🔴❌ | obsolete Encryption-Algorithm, [1] |
| LM-Hash | 🔴❌ | Rainbow Tables available, Collission Attacks, [1] [2] |
| CRC32 | 🔴❌ | just a error-detecting code |
| General: Any Encryption Algorithm | 🔴 | Encryption Key is somewhere on the system?!? |
Web-Applications / Software
| Program name | Versions | PH-Algorithm → Rating | Sources | Extras + Date accessed |
|---|---|---|---|---|
| Adobe | - | 3DES using ECB Mode → 🔴❌ | [1] | password leak of 2013 → 19-02-2024 |
| Aegis Authenticator | all | scrypt → 🟢 | [1] | → 19-02-2024 |
| Ansible | all | MD5, blowfish → 🔴 SHA256, SHA512 (default) (with Salt) → 🟢 |
[1] | → 19-02-2024 |
| Bareos | all | MD5 → 🔴 | [1] | → 19-02-2024 |
| Bitwarden, Vaultwarden | all | PBKDF2 (with Salt and/or key-stretching (default: 600.000)) → 🟢 or Argon2id (64MiB, 3 times, 4 threads) → 🟢✔️ |
[1], [2] | Salt is username/e-mail → 19-02-2024 |
| CheckMK | >2.1.0p16 >2.2.0b1 | bcrypt → 🟢 SHA256 (with Salt and/or key-stretching) → 🟢 |
[1] | → 19-02-2024 |
| CheckMK | <=2.1.0p16 <=2.2.0b1 | DES → 🔴❌ MD5 (with Salt and/or key-stretching) → 🔴🟡 SHA256 (with Salt and/or key-stretching) → 🟢 |
[1] | → 19-02-2024 |
| Drupal | all | based on PHP password_hash() (default: bcrypt) → 🟢 | [1] | → 19-02-2024 |
| FileGator | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
| Froxlor | >= 2.0.0 | bcrypt → 🟢 Argon2(i,id) → 🟢✔️ |
[1] | versions <2.0.0 uses Linux crypt() (see Linux section) → 19-02-2024 |
| Gitea | all | bcrypt, scrypt, PBKDF2 (with Salt) → 🟢 Argon2 with Salt, time=2, memory=64*1024, threads=8, keyLen=50 → 🟢✔️ |
[1] | → 19-02-2024 |
| Gophish | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
| ILIAS e-Learning | >5.(0,1,2).X | bcrypt (with/without Salt) → 🟢 | [1] | → 19-02-2024 |
| ILIAS e-Learning | <5.(0,1,2).X | MD5 without Salt → 🔴 | [1] | → 19-02-2024 |
| ISPconfig | all | crypt Linux defaults → 🔴🟡 or 🟢 | → 19-02-2024 | |
| Joomla | >4.0.0 | MD5 (without Salt) → 🔴 bcrypt (default) → 🟢 Argon2(i, id) → 🟢✔️ |
[1] | → 19-02-2024 |
| KeePass | >2.X | AES-KDF → 🔴 Argon2(d, id) → 🟢✔️ |
[1] | → 19-02-2024 |
| LastPass | - | PBKDF2 key-stretching 100.100 → 🟢 | [1] | → 19-02-2024 |
| LDAP | ? | SHA1, MD5 with and without Salt → 🔴, 🔴🟡 Linux crypt(3) (MD5, Blowfish, SHA2 (256, 512 bit)) with Salt and Key stretching → 🔴🟡 up to 🟢 |
[1] [2] [3] | official RFC specifies no encryption/hash → 19-02-2024 |
| Mastodon | all | bcrypt → 🟢 | [1] | → 19-02-2024 |
| Mediawiki | >=? - <1.33 | MD5 (with/without Salt) → 🔴, 🔴🟡 PBKDF2, bcrypt (with/without Salt) → 🟢 |
[1] | → 03-03-2024 |
| Mediawiki | >=1.33 | MD5 (with/without Salt) → 🔴, 🔴🟡 PBKDF2, bcrypt (with/without Salt) → 🟢 Argon2(i, id) → 🟢✔️ |
[1] | → 03-03-2024 |
| Moodle | <2.3 | MD5 → 🔴 | [1] | → 19-02-2024 |
| Moodle | 2.3 - 4.3 | MD5 → 🔴 bcrypt (with Salt) → 🟢 |
[1] | → 19-02-2024 |
| Moodle | >=4.3 | bcrypt (with Salt) → 🟢 SHA512 (with Salt and key-stretching) → 🟢 |
[1] | → 19-02-2024 |
| MySQL | <4.1 | custom 16 Byte construct (broken) → 🔴❌ | [1] | → 19-02-2024 |
| MySQL/MariaDB mysql_native_password (default plugin) | > MySQL 4.1 | SHA1 construct with Salt and minimal key-stretching → 🔴🟡 | [1], [2] | low key-stretching value, better algorithms available (ed25519 based, sha256 construct) [3] but not default, [4], this algorithm can be exploited [5] → 19-02-2024 |
| Nextcloud | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
| Microsoft Office | 2007 | SHA1 (with key-stretching 50.000) → 🔴🟡 | [1] | → 04-04-2024 |
| Microsoft Office | 2010 | SHA1 (with key-stretching 50.000) → 🔴🟡 | [1] | → 04-04-2024 |
| Microsoft Office | 2013 | SHA1 (with key-stretching 100.000) → 🔴🟡 SHA512 (with key-stretching 100.000) → 🟢 |
[1] | → 04-04-2024 |
| Microsoft Office | >= 2016 | SHA512 (with key-stretching 100.000) → 🟢 | [1] | → 04-04-2024 |
| ownCloud core | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
| PI-hole | all | SHA2 256 bit without Salt, key-stretching 2x → 🟡 | [1] | → 19-02-2024 |
| PostgreSQL | >? | Plain → 🔴❌ MD5 (without Salt) → 🔴 SCRAM-SHA-256 (like PBKDF2 with SHA256 and Salt (4096 iterations)) → 🟢 |
[1] [2] | → 19-02-2024 |
| Prestashop | all | MD5 (with Salt) → 🔴 | [1] | → 19-02-2024 |
| Typo3 | all | MD5 (with Salt) → 🔴 blowfish, phpass(with password stretching) → 🔴 PBKDF2, bcrypt (without Salt) → 🟢 Argon2(i, id) → 🟢✔️ |
[1] | → 19-02-2024 |
| Slack | - | SHA256 (with Salt) → 🟢 | [1] | → 19-02-2024 |
| urbackup | all | PBKDF2 with SHA512 Internet-User secret; without Salt, key-stretching 20.000 → 🟡🟢 PBKDF2 with MD5 Login-User; with Salt, key-stretching >0 → 🟡 |
[1] [2] | low key-stretching value → 19-02-2024 |
| wg-portal | all | bcrypt (without Salt) → 🟢 | [1] | → 19-02-2024 |
| Wordpress | all | MD5 (with Salt + minimal key stretching) → 🔴 | [1] | better algorithms just like Argon2id available with Plugins → 19-02-2024 |
| Zammad | all | SHA256 (without Salt) → 🟡 Argon2(i) → 🟢✔️ |
[1] | → 03-03-2024 |
Operating Systems
| Program name | Versions | PH-Algorithm → Rating | Sources | Extras + Date accessed |
|---|---|---|---|---|
| Linux (Debian, Ubuntu) | variable | DES → 🔴❌ MD5, SHA1 (with Salt and/or key-stretching) → 🔴🟡 bcrypt, scrypt, SHA256, SHA512 (with Salt and/or key-stretching) → 🟢 (gost-)yescrypt (with Salt) → 🟢✔️ |
[1] [2] | based on current Debian specification → 19-02-2024 |
| Windows | <Vista | LM-Hash → 🔴❌ NTLM-Hash → 🔴❌ |
[1] | → 19-02-2024 |
| Windows | >=Vista | NTLM-Hash → 🔴❌ | [1] | → 19-02-2024 |
Last Update: 19-02-2024