Not enough.
- No salt:
- Hashes are too fast:
  - vulnerable to brute force (if hashes leaked)
  - most hashing algorithms are designed to be fast
  - solution: bcrypt, scrypt or several (many!!!) rounds
- No HMAC:
  - does not have an additional "server secret" (stored outside of db!)
  - solution: hmac-sha1 etc.
- Not part of a well-tested authentication library / framework:
  - this is the implementation of "roll your own".
  - solution: do not reinvent the wheel if it is not this or these :)
As for the "bit," SHA1 does a great job of 160 (but for other reasons, this is not entirely). Running both SHA256 + SHA512 just complicates the issue for zero gain. (In fact, these are small losses caused by additional storage requirements.)
I suggest using an existing library / system if this is not an academic project :)
Happy coding.
user166390
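The points listed in the answer above (a per-user salt, a deliberately slow hash, and an HMAC keyed with a server secret kept outside the database) combined in one sketch. This is an added example, not part of the original answer; `SERVER_SECRET`, `hash_password`, `verify_password` and the record layout are hypothetical, and the secret value is constructed.

```python
import hashlib
import hmac
import os

# Hypothetical server secret; constructed value. Load it from outside the
# database (environment variable, secrets manager), never from a table.
SERVER_SECRET = b"constructed-example-secret"

# scrypt cost: N=2**14, r=8, p=1 uses about 16 MiB per hash.
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password, salt, secret, n=N, r=R, p=P):
    # Keyed step: without the server secret, leaked rows cannot be tested.
    keyed = hmac.new(secret, password.encode("utf-8"), hashlib.sha256).digest()
    # Slow, salted step: each guess costs real CPU and memory.
    return hashlib.scrypt(keyed, salt=salt, n=n, r=r, p=p, dklen=DKLEN)


def hash_password(password, secret=SERVER_SECRET):
    salt = os.urandom(16)  # fresh random salt per password
    digest = _derive(password, salt, secret)
    return "$".join(["scrypt", str(N), str(R), str(P), salt.hex(), digest.hex()])


def verify_password(password, record, secret=SERVER_SECRET):
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
        if scheme != "scrypt":
            return False
        candidate = _derive(password, bytes.fromhex(salt_hex), secret,
                            int(n), int(r), int(p))
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or unsupported record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

Storing the cost parameters in each record lets them be raised later without invalidating existing hashes.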