Which hashing algorithm is commonly used for password storage?

The commonly used hashing algorithm for password storage is Scrypt. This choice is favored because it is specifically designed to be computationally intensive and memory-consuming, which increases the difficulty for attackers attempting to use brute force or dictionary attacks on hashed passwords.

Scrypt incorporates both CPU and memory costs, making it particularly resistant to hardware attacks using specialized equipment (like ASICs), which might be used to crack simpler algorithms. Additionally, Scrypt allows for tunable parameters to adjust the difficulty level, further enhancing security.

In contrast, other algorithms mentioned, such as SHA-1 and MD-5, while they have been used historically for various hashing purposes, are now considered insecure for password storage due to vulnerabilities that can lead to collision attacks. DES-2048 refers to a symmetric encryption algorithm rather than a hashing algorithm and is not used for password storage. The focus on computational difficulty in Scrypt makes it the appropriate choice for securely handling passwords.