Benefits of running sha512 hash function several times

Question

I have seen this piece of code in a publication. What benefits does it bring to generate the hash 11 times? Is it more secure than one because of entropy?

var hash = sha512(salt+":"+user+":"+passwd);
for(i = 0; i < 10; i++)
    hash = sha512(salt+":"+user+":"+passwd);

Answer 1

The final hash value in this example is not any more secure (nor even any different whatsoever) than if it were hashed once. The only effect I can see from the provided code is that it takes longer.

Regarding some of the links, comments and other answer regarding repeated hashing, this is only meaningful if the subsequent hash functions are applied to the output of the previous hash. The asker's example simply hashes the same data over and over, producing the same result.

This code might be more effective:

var hash = sha512(salt+":"+user+":"+passwd);
for(i = 0; i < 10; i++)
    hash = sha512(salt+":"+user+":"+passwd+":"+hash);

Answer 2

It is more secure in cases that an attacker gains access to the database containing the hashed passwords.

Having it hashed multiple times will slow down the attacker by a factor linear to the number of hash iterations while trying to guess the plain passwords from the hashes using brute force attack.

In that perspective, I would say that 10 is a rather small number and if this case (an attacker gains access to passwords database) is a concern to you, I guess it is better to to more iterations than 10 (say 1000).

Edit: I just noticed that in the question the repeating hash is always using the original password, and it is not hashing it over and over again like the following code

var hash = sha512(salt+":"+user+":"+passwd);
for(i = 0; i < 10; i++)
    hash = sha512(salt+":"+user+":"+hash);

My response refers to this case (hashing the hash over and over again) and not to the code mentioned in the question.