Incorrect Cryptography recommendations #75
Description
In the Cryptography Practices section we say the following:
MD5 is the most popular hashing algorithm, but securitywise BLAKE2 is considered the strongest and most flexible.
and
To fight back, the hashing function should be inherently slow, using at least 10,000 iterations.
MD5 is deprecated and insecure; we should never list it as a compliant sample. Additionally, iterated hashing is incorrect, and. we should recommend key stretching or some other mechanism for handling these scenarios. Lastly, there are no mentions of HMACs, which are the correct solution to authentication issues.
I can help massage these sections with some input from our cryptographers.
Additionally, we say:
Please not that slowness is something desired on a cryptographic hashing algorithm.
Which should be "Please note..."