rspec/rules/S5344/common/fix/password-hashing.adoc

==== Use specific password hashing algorithms

In general, relying on an algorithm with no known weaknesses is also
a requirement. This prevents the use of the MD5 or SHA-1 algorithms.

While considered strong for some use cases, some algorithms, like SHA-family
functions, are too fast to compute and therefore susceptible to brute force
attacks, especially with attack-dedicated hardware. Modern, slow, password
hashing algorithms such as bcrypt, PBKDF2 or argon2 are recommended.
Modify S5344: Re-arrange the folder for new languages (#3709) * Modify S5344: Re-arrange the folder for new languages * modify a file name typo * last tweaks * changed diff * reorg fixes * Apply suggestions from code review 2024-02-29 15:36:57 +01:00			`==== Use specific password hashing algorithms`

			`In general, relying on an algorithm with no known weaknesses is also`
			`a requirement. This prevents the use of the MD5 or SHA-1 algorithms.`

			`While considered strong for some use cases, some algorithms, like SHA-family`
			`functions, are too fast to compute and therefore susceptible to brute force`
			`attacks, especially with attack-dedicated hardware. Modern, slow, password`
			`hashing algorithms such as bcrypt, PBKDF2 or argon2 are recommended.`