Using SHA256 + SHA512 hash for password?

I'm creating a method that I will use to hash password to store in a database. I would like to seek advice if my methods in hashing is sufficient or overkill for the task.

    Dim result As Byte()
    Dim mixer As String

        Dim sha As New SHA512CryptoServiceProvider

        mixer = txt_salt.Text.ToUpper + txt_pass.Text.Trim
        result = sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(mixer))

        txt_sha.Text = Convert.ToBase64String(result)
    Catch ex As Exception
    End Try



It is insufficient.

  1. No salt:
    • vulnerable to rainbow tables (if hashes are leaked)
    • solution: use random salt in large domain
  2. Hashes are too fast:
    • vulnerable to brute-force (if hashes are leaked)
    • most hashing algorithms are designed to be fast
    • solution: bcrypt, scrypt or multiple (many!!!) rounds
  3. No HMAC:
    • does not have additional "server secret" (stored outside db!)
    • solution: hmac-sha1, etc.
  4. Not part of a well-tested library/framework for authentication:
    • this is a "roll your own" implementation
    • solution: don't reinvent a wheel, unless it's one of these or these :)

As far as "bits" go, SHA1 is perfectly fine with 160 (but it is not fine [by itself] for other reasons). Doing both SHA256+SH512 just complicates the matter for zero gain. (Actually, it is a very slight net loss due to the extra storage requirements.)

I suggest using an existing library/system, unless this is an academic project :)

Happy coding.

Need Your Help

alertdialog - removeView has to get called

java android android-edittext alertdialog

I have a alert dialog with a editText area. When I call it a second time, the app crashes with error:

how to get the source code based on url using java script?

javascript jquery url cross-browser xmlhttprequest

i wrote some code to get the html source code but it is working only IE8,but not working on mozila and chrome , what is the problem , please give me suggestion.