Using SHA256 + SHA512 hash for password?

Question

Using SHA256 + SHA512 hash for password?

I am creating a method that I will use for a hash password to store in a database. I would like to ask for advice if my hashing methods are sufficient or too complex to complete the task.

Dim result As Byte() Dim mixer As String Try Dim sha As New SHA512CryptoServiceProvider mixer = txt_salt.Text.ToUpper + txt_pass.Text.Trim result = sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(mixer)) txt_sha.Text = Convert.ToBase64String(result) Catch ex As Exception MsgBox(ex.ToString) End Try

Thanks.

+4

security passwords vb.net

Mr a Dec 01 '11 at 7:12

source share

1 answer

user166390 · Accepted Answer · 2011-12-01T07:16:41+0000

Not enough.

No salt:
- vulnerable to rainbow tables (if hashes leaked)
- : use arbitrary salt in a large domain
Hashes are too fast:
- vulnerable to brute force (if hashes leaked)
- most hashing algorithms are designed to be fast
- : bcrypt , scrypt or several (many !!!) rounds
No HMAC:
- does not have an additional "server secret" (stored outside of db!)
- : hmac-sha1 etc.
Not part of a well-tested authentication library / framework:
- this is the implementation of "roll your own".
- solution: do not reinvent the wheel if it is not this or these :)

As for the “bit,” SHA1 does a great job of 160 (but for other reasons, this is not entirely). Running both SHA256 + SH512 just complicates the issue for zero gain. (In fact, these are small losses caused by additional storage requirements.)

I suggest using an existing library / system if this is not an academic project :)

Happy coding.

Using SHA256 + SHA512 hash for password?

More articles: