Best practice for hashing passwords – SHA256 or SHA512?

by

Switching to SHA512 will hardly make your website more secure. You should not write your own password hashing function. Instead, use an existing implementation.

SHA256 and SHA512 are message digests, they were never meant to be password-hashing (or key-derivation) functions. (Although a message digest could be used a building block for a KDF, such as in PBKDF2 with HMAC-SHA256.)

A password-hashing function should defend against dictionary attacks and rainbow tables. In order to defend against dictionary attacks, a password hashing scheme must include a work factor to make it as slow as is workable.

Currently, the best choice is probably Argon2. This family of password hashing functions won the Password Hashing Competition in 2015.

If Argon2 is not available, the only other standardized password-hashing or key-derivation function is PBKDF2, which is an oldish NIST standard. Other choices, if using a standard is not required, include bcrypt and scrypt.

Wikipedia has pages for these functions:

EDIT: NIST does not recommend using message digests such as SHA2 or SHA3 directly to hash passwords! Here is what NIST recommends:

Memorized secrets SHALL be salted and hashed using a suitable one-way
key derivation function. Key derivation functions take a password, a
salt, and a cost factor as inputs then generate a password hash. Their
purpose is to make each password guessing trial by an attacker who has
obtained a password hash file expensive and therefore the cost of a
guessing attack high or prohibitive. Examples of suitable key
derivation functions include Password-based Key Derivation Function 2
(PBKDF2) [SP 800-132] and Balloon [BALLOON].

More Related Contents:

  1. Salting Your Password: Best Practices? [closed]
  2. Is it possible to decrypt MD5 hashes?
  3. Is “double hashing” a password less secure than just hashing it once?
  4. What data type to use for hashed password field and what length?
  5. How does password salt help against a rainbow table attack?
  6. Are there any SHA-256 javascript implementations that are generally considered trustworthy? [closed]
  7. yii CPasswordHelper: hashPassword and verifyPassword
  8. How come MD5 hash values are not reversible?
  9. Is calculating an MD5 hash less CPU intensive than SHA family functions?
  10. How long to brute force a salted SHA-512 hash? (salt provided)
  11. Can two different strings generate the same MD5 hash code?
  12. Is it possible to decrypt MD5 hashes?
  13. How to hash a password with SHA-512 in Java?
  14. Why hash_equals and password_verify are not working properly?
  15. Secure hash and salt for PHP passwords
  16. Difference between Hashing a Password and Encrypting it
  17. Are mutable hashmap keys a dangerous practice?
  18. Is it worth hashing passwords on the client side
  19. SHA512 vs. Blowfish and Bcrypt [closed]
  20. Probability of SHA1 collisions
  21. Why is XOR the default way to combine hashes?
  22. Salt and hash a password in Python
  23. What algorithm should I use to hash passwords into my database? [duplicate]
  24. How to create a laravel hashed password
  25. password_hash returns different value every time
  26. Is MD5 still good enough to uniquely identify files?
  27. Why are XOR often used in java hashCode() but another bitwise operators are used rarely?
  28. Why not use MD5 for password hashing?
  29. How to “EXPIRE” the “HSET” child key in redis?
  30. How do I hash a string with Delphi?

Leave a Comment