Am curious, if I were to use sha512 to encrypt an email address or password, how hard is it to decrypt(I'm talking about malicious people)? Not concerned about decrypting in the script as the input is compared with the info in the database which is also encrypted using sha512 but only curious about outsiders stealing email addresses mainly. Thanx
Msg#: 4492690 posted 7:52 am on Sep 9, 2012 (gmt 0)
sha-512 is a hash algorithm from the sha-2 family.
In a head-on brute force attack (which nobody will try) the hash is 2^256 times stronger than sha-256 (that's a lot). But it shares all weaknesses with the other SHA-2 family members.
What I would do: - sha-256 is really good enough for now - be ready to move to sha-3 once it is chosen - by all means add a long salt - storing password hashes that are unsalted is almost criminal as it exposes you to rainbow table attacks.
You seem to send the hash of a password over the wire ? You do realize that any eavesdropper along the way now has the hash of the password and that that's plenty to get authenticated without knowing the password itself.
I'd stick to standard mechanisms intead of trying to build your own solution out of building blocks - in crypto you fail instantly if you try to do that.