Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security?

Question

Three SHA512Managed related questions:

1. Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security?
2. What Salt size should be used with SHA512Managed? The application is for strong passwords with at least 8 characters.
3. Is 512 overkill compared to 256 for small strings?

Answer 1

Ben's answer is incorrect, you should not be using SHA* functions to hash passwords. You should be using a hash function that is specifically designed for hashing passwords, such as PBKDF2, BCrypt or SCrypt. Min's answer and comments are correct.

Since you want to use standard .NET library I suggest Rfc2898DeriveBytes which is an implementation of PBKDF2.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx

Answer 2

If you're looking for preventing brute force attacks take a loot at bcrypt or scrypt. They're designed to be algorithmically slow. So even if an attacker did get a hold of the password database, calculating everything would take forever.

http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-strong-password-hashing-for-dotnet-and-mono.ashx

http://www.tarsnap.com/scrypt.html

Answer 3

1. Sha512Managed does not depend on system calls, and has the largest hash size of the built-in hashes. If you're not optimizing for anything else, it would be considered the most secure.

2. For password cracking purposes, a salt essentially increases the size of the password. Though 'bigger is better,' anything beyond the number of bits of the password itself is largely wasted. So, for a min 8 ASCII character password, you might go for a 64 bit salt.

3. Yes and no. It's overkill for modern technology; the size of the strings are irrelevant. If you need your passwords to be secure for the next 100 years, well, go for 512.

A reference: http://www.codeproject.com/KB/security/Cryptography_NET.aspx