AuthMeReloaded/docs/hash_algorithms.md

<!-- AUTO-GENERATED FILE! Do not edit this directly -->
<!-- File auto-generated on Fri Dec 01 19:16:17 CET 2017. See docs/hashmethods/hash_algorithms.tpl.md -->

## Hash Algorithms
AuthMe supports the following hash algorithms for storing your passwords safely.


Algorithm | Recommendation | Hash length | ASCII |     | Salt type | Length | Separate?
--------- | -------------- | ----------- | ----- | --- | --------- | ------ | ---------
ARGON2 | Recommended | 96 |  | | Text | 16 | 
BCRYPT | Recommended | 60 |  | | Text |  | 
BCRYPT2Y | Recommended | 60 |  | | Text | 22 | 
CRAZYCRYPT1 | Do not use | 128 |  | | Username |  | 
IPB3 | Acceptable | 32 |  | | Text | 5 | Y
IPB4 | Does not work | 60 |  | | Text | 22 | Y
JOOMLA | Acceptable | 65 |  | | Text | 32 | 
MD5VB | Acceptable | 56 |  | | Text | 16 | 
MYBB | Acceptable | 32 |  | | Text | 8 | Y
PBKDF2 | Recommended | 165 |  | | Text | 16 | 
PBKDF2DJANGO | Acceptable | 77 | Y | | Text | 12 | 
PHPBB | Acceptable | 60 |  | | Text | 22 | 
PHPFUSION | Do not use | 64 | Y | |  |  | Y
ROYALAUTH | Do not use | 128 |  | | None |  | 
SALTED2MD5 | Acceptable | 32 |  | | Text |  | Y
SALTEDSHA512 | Recommended | 128 |  | |  |  | Y
SHA256 | Recommended | 86 |  | | Text | 16 | 
SMF | Do not use | 40 |  | | Username |  | Y
TWO_FACTOR | Does not work | 16 |  | | None |  | 
WBB3 | Acceptable | 40 |  | | Text | 40 | Y
WBB4 | Recommended | 60 |  | | Text | 8 | 
WORDPRESS | Acceptable | 34 |  | | Text | 9 | 
XAUTH | Recommended | 140 |  | | Text | 12 | 
XFBCRYPT |  | 60 |  | |  |  | 
CUSTOM |  |  |  |  |  |  |  |

<!-- AUTO-GENERATED FILE! Do not edit this directly -->

### Columns
#### Algorithm
The algorithm is the hashing algorithm used to store passwords with. Default is SHA256 and is recommended.
You can change the hashing algorithm in the config.yml: under `security`, locate `passwordHash`.

#### Recommendation
The recommendation lists our usage recommendation in terms of how secure it is (not how _well_ the algorithm works!).
- Recommended: The hash algorithm appears to be cryptographically secure and is one we recommend.
- Acceptable: There are safer algorithms that can be chosen but using the algorithm is generally OK.
- Deprecated: Cannot be used anymore actively or in the near future.
- Do not use: Hash algorithm isn't sufficiently secure. Use only if required to hook into another system.
- Does not work: The algorithm does not work properly; do not use.

#### Hash Length
The length of the hashes the algorithm produces. Note that the hash length is not (primarily) indicative of
whether an algorithm is secure or not.

#### ASCII
If denoted with a **y**, means that the algorithm is restricted to ASCII characters only, i.e. it will simply ignore
"special characters" such as `ÿ` or `Â`. Note that we do not recommend the use of "special characters" in passwords.

#### Salt Columns
Before hashing, a _salt_ may be appended to the password to make the hash more secure. The following columns describe
the salt the algorithm uses.
<!-- AUTO-GENERATED FILE! Do not edit this directly -->

##### Salt Type
We do not recommend the usage
of any algorithm that doesn't use a randomly generated text as salt. This "salt type" column indicates what type of
salt the algorithm uses:
- Text: randomly generated text (see also the following column, "Length")
- Username: the salt is constructed from the username (bad)
- None: the algorithm uses no salt (bad)

##### Length
If applicable (salt type is "Text"), indicates the length of the generated salt. The longer the better.
If this column is empty when the salt type is "Text", it typically means the salt length can be defined in config.yml.

##### Separate
If denoted with a **y**, it means that the salt is stored in a separate column in the database. This is neither good
or bad.

---

This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Fri Dec 01 19:16:17 CET 2017
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`<!-- AUTO-GENERATED FILE! Do not edit this directly -->`
Update docs 2017-12-01 19:16:49 +01:00			`<!-- File auto-generated on Fri Dec 01 19:16:17 CET 2017. See docs/hashmethods/hash_algorithms.tpl.md -->`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00
			`## Hash Algorithms`
			`AuthMe supports the following hash algorithms for storing your passwords safely.`


Fix markdown table in hash algorithms overview - GitHub requires at least 3 dashes between two column separators \|. Most markdown previewers don't have this restriction. 2015-12-31 13:42:41 +01:00			`Algorithm \| Recommendation \| Hash length \| ASCII \| \| Salt type \| Length \| Separate?`
			`--------- \| -------------- \| ----------- \| ----- \| --- \| --------- \| ------ \| ---------`
#1150 - Add Argon2 support - Add argon2 implementation - Extract argon2 library check to method on Argon 2 - Add link to Wiki page on errors - Check within Argon2Test if the test cases should be run, not in the abstract parent 2017-10-23 00:10:48 +02:00			`ARGON2 \| Recommended \| 96 \| \| \| Text \| 16 \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`BCRYPT \| Recommended \| 60 \| \| \| Text \| \|`
			`BCRYPT2Y \| Recommended \| 60 \| \| \| Text \| 22 \|`
			`CRAZYCRYPT1 \| Do not use \| 128 \| \| \| Username \| \|`
			`IPB3 \| Acceptable \| 32 \| \| \| Text \| 5 \| Y`
#519 #515 #431 Tool task to update all docs; relocate to root/docs - Move docs from src/tools to a root subfolder - Add tag for displaying a "generated page" footer - Create task to run all doc tasks - Remove map builder in favor of Guava's 2016-02-14 21:43:01 +01:00			`IPB4 \| Does not work \| 60 \| \| \| Text \| 22 \| Y`
#685 Fix PBKDF2 implementation - Fix our PBKDF2 hash implementation and its test class - Use external dependency as PBKDF2 implementation 2016-11-25 15:51:15 +01:00			`JOOMLA \| Acceptable \| 65 \| \| \| Text \| 32 \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`MD5VB \| Acceptable \| 56 \| \| \| Text \| 16 \|`
			`MYBB \| Acceptable \| 32 \| \| \| Text \| 8 \| Y`
#685 Fix PBKDF2 implementation - Fix our PBKDF2 hash implementation and its test class - Use external dependency as PBKDF2 implementation 2016-11-25 15:51:15 +01:00			`PBKDF2 \| Recommended \| 165 \| \| \| Text \| 16 \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`PBKDF2DJANGO \| Acceptable \| 77 \| Y \| \| Text \| 12 \|`
Update docs 2017-12-01 19:16:49 +01:00			`PHPBB \| Acceptable \| 60 \| \| \| Text \| 22 \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`PHPFUSION \| Do not use \| 64 \| Y \| \| \| \| Y`
			`ROYALAUTH \| Do not use \| 128 \| \| \| None \| \|`
			`SALTED2MD5 \| Acceptable \| 32 \| \| \| Text \| \| Y`
			`SALTEDSHA512 \| Recommended \| 128 \| \| \| \| \| Y`
			`SHA256 \| Recommended \| 86 \| \| \| Text \| 16 \|`
#1016 Update hash algorithms list, add test that Deprecated annotation is in sync between enum and hash impl. class 2017-10-19 21:52:55 +02:00			`SMF \| Do not use \| 40 \| \| \| Username \| \| Y`
#519 #515 #431 Tool task to update all docs; relocate to root/docs - Move docs from src/tools to a root subfolder - Add tag for displaying a "generated page" footer - Create task to run all doc tasks - Remove map builder in favor of Guava's 2016-02-14 21:43:01 +01:00			`TWO_FACTOR \| Does not work \| 16 \| \| \| None \| \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`WBB3 \| Acceptable \| 40 \| \| \| Text \| 40 \| Y`
#519 #515 #431 Tool task to update all docs; relocate to root/docs - Move docs from src/tools to a root subfolder - Add tag for displaying a "generated page" footer - Create task to run all doc tasks - Remove map builder in favor of Guava's 2016-02-14 21:43:01 +01:00			`WBB4 \| Recommended \| 60 \| \| \| Text \| 8 \|`
			`WORDPRESS \| Acceptable \| 34 \| \| \| Text \| 9 \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`XAUTH \| Recommended \| 140 \| \| \| Text \| 12 \|`
#519 #515 #431 Tool task to update all docs; relocate to root/docs - Move docs from src/tools to a root subfolder - Add tag for displaying a "generated page" footer - Create task to run all doc tasks - Remove map builder in favor of Guava's 2016-02-14 21:43:01 +01:00			`XFBCRYPT \| \| 60 \| \| \| \| \|`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`CUSTOM \| \| \| \| \| \| \| \|`

			`<!-- AUTO-GENERATED FILE! Do not edit this directly -->`

			`### Columns`
			`#### Algorithm`
			`The algorithm is the hashing algorithm used to store passwords with. Default is SHA256 and is recommended.`
			You can change the hashing algorithm in the config.yml: under `security`, locate `passwordHash`.

			`#### Recommendation`
			`The recommendation lists our usage recommendation in terms of how secure it is (not how _well_ the algorithm works!).`
			`- Recommended: The hash algorithm appears to be cryptographically secure and is one we recommend.`
			`- Acceptable: There are safer algorithms that can be chosen but using the algorithm is generally OK.`
Small docs cleanup - NewAPI class will be removed in 5.5, not 5.4 - Add entry for "Deprecated" recommendation in hash algorithms page - Mention possibility of wildcards for restricted user rules 2017-09-17 11:32:12 +02:00			`- Deprecated: Cannot be used anymore actively or in the near future.`
Add tools task to generate an encryption algorithm overview 2015-12-31 13:33:00 +01:00			`- Do not use: Hash algorithm isn't sufficiently secure. Use only if required to hook into another system.`
			`- Does not work: The algorithm does not work properly; do not use.`

			`#### Hash Length`
			`The length of the hashes the algorithm produces. Note that the hash length is not (primarily) indicative of`
			`whether an algorithm is secure or not.`

			`#### ASCII`
			`If denoted with a y, means that the algorithm is restricted to ASCII characters only, i.e. it will simply ignore`
			"special characters" such as `ÿ` or `Â`. Note that we do not recommend the use of "special characters" in passwords.

			`#### Salt Columns`
			`Before hashing, a _salt_ may be appended to the password to make the hash more secure. The following columns describe`
			`the salt the algorithm uses.`
			`<!-- AUTO-GENERATED FILE! Do not edit this directly -->`

			`##### Salt Type`
			`We do not recommend the usage`
			`of any algorithm that doesn't use a randomly generated text as salt. This "salt type" column indicates what type of`
			`salt the algorithm uses:`
			`- Text: randomly generated text (see also the following column, "Length")`
			`- Username: the salt is constructed from the username (bad)`
			`- None: the algorithm uses no salt (bad)`

			`##### Length`
			`If applicable (salt type is "Text"), indicates the length of the generated salt. The longer the better.`
			`If this column is empty when the salt type is "Text", it typically means the salt length can be defined in config.yml.`

			`##### Separate`
			`If denoted with a y, it means that the salt is stored in a separate column in the database. This is neither good`
			`or bad.`
#519 #515 #431 Tool task to update all docs; relocate to root/docs - Move docs from src/tools to a root subfolder - Add tag for displaying a "generated page" footer - Create task to run all doc tasks - Remove map builder in favor of Guava's 2016-02-14 21:43:01 +01:00
			`---`

Update docs 2017-12-01 19:16:49 +01:00			`This page was automatically generated on the [AuthMe/AuthMeReloaded repository](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/) on Fri Dec 01 19:16:17 CET 2017`