IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [sha2]

SHA2 is a family of cryptographic hash algorithms, including SHA256 and SHA512. These are the successor to the SHA1 algorithm.

43 questions
60
votes
4 answers

What is SHA-3 and why did we change it?

On the 2nd of October NIST decided that SHA-3 is the new standard hashing algorithm, does this mean we need to stop using SHA-2 as it is not secure? What is this SHA-3 anyway?
Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
12
votes
3 answers

What does GUID have, that a Whirlpool, MD5 or SHA-2 hash don't?

I'm trying to understand the use of GUID and what has always left me wondering is what's so special about them that I should consider using them instead of rolling my own type of unique ID. In other words, why can't I use a Whirlpool hash like:…
dendini
  • 680
  • 2
  • 8
  • 12
12
votes
5 answers

Gold Standard for password hashing

I've developing a web application that will be dealing with highly sensitive information and I want to ensure the hashing of passwords is gold standard. Ideally I'd go for per-user salted SHA512 using PBKDF2 to carry out multiple iterations of the…
Drunk Goldfish
  • 123
  • 1
  • 5
11
votes
5 answers

Is this way of encoding cryptographic hashes safe?

I'm looking at the code of a particular web application that handle file uploads. For some reason, instead of using the cryptographic hash function (SHA-256 in this case), they derive an ID from it, and use that everywhere instead, to identify files…
S. B.
  • 111
  • 3
9
votes
1 answer

Are there sha 512 rainbow tables available?

Are there sha 512 rainbow tables available for download or what kind of dimensions and processing power would be required to generate them?
ioanv
  • 91
  • 1
  • 1
  • 2
8
votes
3 answers

Argon2 vs SHA-512, what's better in my case?

First I am very bad in cryptographic algorithms. I found online that Argon2 is more secure than SHA-512, so I used it for password hashing. There're recommended options for Argon2: Memory: 4Gb Iterations: 4 or more On my ancient server it takes a…
Denis Sologub
  • 183
  • 1
  • 5
7
votes
2 answers

Rounds of MD5 and SHA512 Hashing Algorithms

What is the exact number of rounds employed by the MD5 and SHA512 hashing algorithms? According to various sources, the SHA512 hashing algorithm employs a total of 80 rounds (http://en.wikipedia.org/wiki/SHA2). On the other hand, I am confused when…
Matthew
  • 621
  • 2
  • 11
  • 18
6
votes
1 answer

How vulnerable is IPSec HMAC-SHA1

There are a few references out there that say HMAC-SHA2 must be used over HMAC-SHA1. If I am using an IPsec link with HMAC-SHA1, how vulnerable is it to being intercepted and cracked?
user1513637
  • 225
  • 2
  • 6
5
votes
2 answers

What is the meaning of the term "simple string" for the SALT string in Unix crypt using SHA-256 and SHA-512?

In Unix crypt using SHA-256 and SHA-512 the author, Ulrich Drepper, introduces the SALT string as the following (highlight by me): For the SHA-based methods the SALT string can be a simple string of which up to 16 characters are used. What is…
hakre
  • 189
  • 1
  • 5
4
votes
0 answers

I/O cost and dedicated hashing hardware/ SHA2/ PBKDF2

Is there existing work (or algorithms) that explore (or exploit) imposing an i/o cost to disadvantage hashing hardware, while still using SHA2-family of hashes? Is this even possible, or would any such effort be trivial to circumvent? My goal is to…
brynk
  • 832
  • 2
  • 13
4
votes
1 answer

Using PBKDF2 with AES and SHA2

I use the following inputs to encrypt using AES: UserPassword (plain text) SecretKey RandomIV I use the following inputs to encrypt using SHA512: UserPassword (plain text) RandomSalt I'd like to enhance both encryption methods above by using…
ShocK
  • 41
  • 1
  • 3
3
votes
2 answers

Decoding SHA-512 value

How does the SHA-512 decoder on the following page work? http://md5hashing.net/hashing/sha512#main Hash values supposed to be unable to reverse. Is this page fake?
user2449761
  • 253
  • 3
  • 6
3
votes
2 answers

Which hashing algorithm is ideal for use on the web?

I am new here, and have poked around the site looking for an overview of which hash algorithm to use on the web and why. It seems to be the consensus that SHA-256 or other SHA-2 family algorithms are the best because they do not have the collisions…
JHS
  • 152
  • 1
  • 7
3
votes
2 answers

Is there a cryptographic disadvantage to applying bcrypt to an already hashed password

I originally asked this on stackoverflow, but due to lack of traction and a recommendation by a user there I have asked it here too. Imagine a scenario where a client application is sending a password to a backend server so that the server can…
David
  • 167
  • 6
2
votes
1 answer

Hashing algorithm for cryptsetup

I will encrypt my SSD using cryptsetup and I would like to know which hashing algprithm to use. First of all, cryptsetup benchmark: PBKDF2-sha256 262144 iterations per second PBKDF2-sha512 167397 iterations per second PBKDF2-ripemd160 …
trog
  • 23
  • 5
1
2 3