===================================
FSHP: Fairly Secure Hashed Password
===================================

What is FSHP?
-------------
Fairly Secure Hashed Password (FSHP) is a salted, iteratively hashed
password hashing implementation.

Design principle is similar with PBKDF1 specification in RFC 2898 
*(a.k.a: PKCS #5: Password-Based Cryptography Specification Version 2.0)*

FSHP allows choosing the salt length, number of iterations and the
underlying cryptographic hash function among SHA-1 and SHA-2 (256, 384, 512).

Security
--------
Default FSHP1 uses 8 byte salts, with 4096 iterations of SHA-256 hashing.

- 8 byte salt renders rainbow table attacks impractical by multiplying the
  required space with 2^64.
- 4096 iterations causes brute force attacks to be fairly expensive.
- There are no known attacks against SHA-256 to find collisions with
  a computational effort of fewer than 2^128 operations at the time of
  this release.


Other Language Implementations
------------------------------
- Python: Tested with 2.3.5 *(w/ hashlib)*, 2.5.1, 2.6.1
- Ruby  : Tested with 1.8.6
- PHP5  : Tested with 5.2.6
- Java  : Tested with 1.4, 1.5, 1.6.
  Dependency: Apache Commons - Codec (Base64)

Everyone is more than welcome to create missing language implementations or
polish the current ones.

