1

In one of my Flask projects I'm using the Flask-Security module for the security mechanism. In the module configuration I have 3 choices for the password hashing algorithm: bcrypt, sha512_crypt, pbkdf2_sha512.

Can anyone suggest which to use and why?

Any help would be appreciated.

Harshal Dhumal

1 Answer

5

All of these are acceptable choices. I prefer bcrypt, because it's GPU unfriendly, so an attacker won't have a big advantage when they use a GPU while your server uses a CPU to hash.

Make sure to choose a work factor that's as big as possible while offering acceptable performance. Should be somewhere between 10 and 100ms for typical web servers.

CodesInChaos
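
An added example (not part of the answer above, and not Flask-Security's or passlib's own code) of tuning the work factor to a time budget for the pbkdf2_sha512 option, using only Python's standard library. The 50 ms target, the function names and the `$`-separated record layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

def _pbkdf2(password: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)

def calibrate_rounds(target_s: float = 0.050, probe: int = 20_000, floor: int = 1_000) -> int:
    """Return a round count whose hash time is close to target_s on this host."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(3):  # best of three reduces scheduler noise
        start = time.perf_counter()
        _pbkdf2("constructed-sample-password", salt, probe)
        best = min(best, time.perf_counter() - start)
    # PBKDF2 cost is linear in the round count, so scale the probe directly.
    # (bcrypt differs: each +1 on its cost parameter doubles the work.)
    return max(floor, int(probe * target_s / max(best, 1e-9)))

def hash_password(password: str, rounds: int) -> str:
    """Hash with a fresh random salt; the cost is stored inside the record."""
    salt = os.urandom(16)
    digest = _pbkdf2(password, salt, rounds)
    # Constructed record layout (assumption): scheme$rounds$salt$digest
    return f"pbkdf2_sha512${rounds}${salt.hex()}${digest.hex()}"

def _parse(record: str):
    scheme, rounds, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha512":
        raise ValueError("unsupported scheme")
    return int(rounds), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    rounds, salt, expected = _parse(record)
    return hmac.compare_digest(_pbkdf2(password, salt, rounds), expected)

def needs_rehash(record: str, current_rounds: int) -> bool:
    """True when a stored hash uses a lower cost than the current setting."""
    return _parse(record)[0] < current_rounds

if __name__ == "__main__":
    rounds = calibrate_rounds()
    record = hash_password("constructed-sample-password", rounds)
    print(rounds, verify_password("constructed-sample-password", record))
```

Run the calibration on the hardware that serves logins, and re-hash a user's password at their next successful login when `needs_rehash` reports an outdated cost.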