Three SHA512Managed related questions:
Ben's answer is incorrect, you should not be using SHA* functions to hash passwords. You should be using a hash function that is specifically designed for hashing passwords, such as PBKDF2, BCrypt or SCrypt. Min's answer and comments are correct.
Since you want to use standard .NET library I suggest Rfc2898DeriveBytes which is an implementation of PBKDF2.
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx
If you're looking for preventing brute force attacks take a loot at bcrypt or scrypt. They're designed to be algorithmically slow. So even if an attacker did get a hold of the password database, calculating everything would take forever.
Sha512Managed does not depend on system calls, and has the largest hash size of the built-in hashes. If you're not optimizing for anything else, it would be considered the most secure.
For password cracking purposes, a salt essentially increases the size of the password. Though 'bigger is better,' anything beyond the number of bits of the password itself is largely wasted. So, for a min 8 ASCII character password, you might go for a 64 bit salt.
Yes and no. It's overkill for modern technology; the size of the strings are irrelevant. If you need your passwords to be secure for the next 100 years, well, go for 512.
A reference: http://www.codeproject.com/KB/security/Cryptography_NET.aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.