1

Today I have read this discussion about SHA-256 and SHA-512 and that we should not use any of them to store a password securely. And I have read here that instead we can use the PBKDF2 hashing function, because we can use salt and specify the number of iterations. That is great, but what about if I use a salt and iterating with SHA-512?
For example, consider this simple implementation:

string Password= "admin";
for(int I= 0; I<numberOfIterations, I++)
{
   Password = sha512(Password+salt);
}
store(Password);

So is it possible to apply something like this?

Community
  • 1
Mo Haidar
  • 449
  • 2
  • 7
  • 15
  • 2
    PBKDF2 is not the same as sha2 + salt + iterations. This explanation is just used to simplify the algorithm and make it more understandable for a wider audience. – bayo Aug 10 '15 at 14:26
  • i would suggest doing more reading first. There is a lot of literature on this. – Jerry Saravia Aug 10 '15 at 15:01
  • @JerrySaravia could you guide me to an article talking about this topic using salt and iterating with sha512 – Mo Haidar Aug 10 '15 at 15:09
  • 2
    I would suggest for some basics: https://crackstation.net/hashing-security.htm

    One thing it mentions is : `Key stretching is implemented using a special type of CPU-intensive hash function. Don't try to invent your own–simply iteratively hashing the hash of the password isn't enough as it can be parallelized in hardware and executed as fast as a normal hash. Use a standard algorithm like PBKDF2 or bcrypt. You can find a PHP implementation of PBKDF2 here.'

     – Jerry Saravia Aug 10 '15 at 15:28
  • Is there a reason that you are looking to roll your own password storage mechanism? – Neil Smithline Aug 10 '15 at 16:09
  • Why down-vote instead of answering "No, because rolling your own is always a bad idea"? – akaltar Aug 10 '15 at 16:13
  • I suggest bcrypt over PBKDF2. Don't use SHA-512, it's a big mistake. – Sakamaki Izayoi Aug 10 '15 at 17:21
  • @SakamakiIzayoi I know hat it is a big mistake to use it alone but I need a convincing answer about why should not I use it when I use salting and iteration with it. read here – Mo Haidar Aug 10 '15 at 17:25
  • @user3260672 There are already plenty of posts on here that explain why bcrypt is better than other hashing algos such as MD5, SHA-1, SHA-256, SHA-512, etc. – Sakamaki Izayoi Aug 10 '15 at 17:28
  • I have read a lot of them and they talk about the sha family when you do not use them with salting and iteration – Mo Haidar Aug 10 '15 at 17:31

1 Answers1

13

Today I have read this discussion about wheels and that we should not simply strap ourselves to a wheel to travel on a multilane highway. And I have read here that instead we can take the bus, because it has safety features. That is great, but what about if I use a seatbelt with my wheel?

Salting is good. Iterations are good. SHA-512 is a good general-purpose hashing algorithm. But you can't just take a bunch of good things and strap them together and expect to have something safe to use. Like a commercial bus, PBKDF2 (or bcrypt, or scrypt, or Argon2) has lots of advantages over a homemade solution, primarily:

  1. It has been tested extensively by experts.
  2. There are multiple implementations, so your user database can be copied to a new platform with minimal fuss.
  3. It has protections against problems you don't know are even problems (i.e. it was built by experts).
bonsaiviking
  • 11,666
  • 1
  • 29
  • 50