sha512


typomaniac

4:54 pm on Sep 8, 2012 (gmt 0)




Am curious, if I were to use sha512 to encrypt an email address or password, how hard is it to decrypt (I'm talking about malicious people)?
Not concerned about decrypting in the script, as the input is compared with the info in the database, which is also encrypted using sha512, but only curious about outsiders stealing email addresses mainly.
Thanks

swa66

7:52 am on Sep 9, 2012 (gmt 0)




sha-512 is a hash algorithm from the sha-2 family.

In a head-on brute force attack (which nobody will try) the hash is 2^256 times stronger than sha-256 (that's a lot).
But it shares all weaknesses with the other SHA-2 family members.

What I would do:
- sha-256 is really good enough for now - be ready to move to sha-3 once it is chosen
- by all means add a long salt - storing password hashes that are unsalted is almost criminal as it exposes you to rainbow table attacks.

You seem to send the hash of a password over the wire? You do realize that any eavesdropper along the way now has the hash of the password and that that's plenty to get authenticated without knowing the password itself.

I'd stick to standard mechanisms instead of trying to build your own solution out of building blocks - in crypto you fail instantly if you try to do that.
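
The salt advice in the reply above, as an added example that is not part of the original thread: the same password stored as a bare SHA-512 digest is identical for every user and matches a precomputed table, while a per-user random salt fed to a standard KDF is not. PBKDF2-HMAC-SHA512 from Python's `hashlib`, the iteration count, and the sample users are assumptions; the thread names no language or KDF.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha512(password):
    """The scheme asked about in the thread: a bare SHA-512 digest."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA512; returns (salt, derived_key) for storage."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    key = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def precomputed_table(wordlist):
    """Digest -> word table, built once and reusable on any unsalted dump."""
    return {unsalted_sha512(word): word for word in wordlist}


def demo():
    # Constructed sample data: two users who picked the same password.
    users = {"alice": "letmein", "bob": "letmein"}
    unsalted = {u: unsalted_sha512(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    table = precomputed_table(["123456", "letmein", "password"])
    return {
        "unsalted_equal": unsalted["alice"] == unsalted["bob"],
        "table_hits": sorted(u for u, h in unsalted.items() if h in table),
        "salted_equal": salted["alice"][1] == salted["bob"][1],
        "salted_table_hits": sorted(
            u for u, (_, k) in salted.items() if k.hex() in table
        ),
        "verify_ok": verify_password("letmein", *salted["alice"]),
        "verify_bad": verify_password("letmein1", *salted["alice"]),
    }
```

The salt is stored next to the derived key; it is not a secret, it only makes each stored value unique so one precomputed table cannot be reused across accounts.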

typomaniac

4:07 am on Sep 10, 2012 (gmt 0)




I sure feel like a Bozo having asked that question--not a matter of "what was I thinking" but purely a case of not thinking. Appears I'm going to have to resort to SSL if I want to protect passwords.

swa66

7:06 am on Sep 10, 2012 (gmt 0)




Actually: don't feel bad, you'd be amazed how many actually deployed and installed systems out there contain basic errors.

It doesn't help that almost every example in almost every tutorial makes bad choices security-wise. We're setting up the world for failure that way...
 
