Menu
I'm building a web application and would like to use the strongest hashing algorithm possible for passwords. What are the differences, if any, between sha512, whirlpool, ripemd160 and tiger192,4? Which one would be considered cryptographically stronger?
760
1 SHA-256 or SHA-2 SHA-1 is a 160-bit hash and SHA-256 generates an almost-unique 256-bit (32-byte) signature for a text. SHA-256 is one of the successor and strongest hash functions to SHA-1. It is not much more complex to code than SHA-1 and has not yet been compromised in any way [1].
As general rule, 128-bit hash functions are weaker than 256-bit hash functions, which are weaker than 512-bit hash functions. Thus, SHA-512 is stronger than SHA-256, so we can expect that for SHA-512 it is more unlikely to practically find a collision than for SHA-256.
The reason why SHA-512 is faster than SHA-256 on 64-bit machines is that has 37.5% less rounds per byte (80 rounds operating on 128 byte blocks) compared to SHA- 256 (64 rounds operating on 64 byte blocks), where the operations use 64-bit integer arithmetic.
If you are actually concerned about the security of your system (as opposed to the quite academic strength of algorithms) then you should go with a proven and mature implementation instead of nitpicking algorithms.
I would recommend Ulrich Drepper's SHA-crypt implementation. This implementation uses SHA-512, a 16 character long salt, is peer reviewed and scheduled to go into all major Linux distributions via glibc 2.7.
P.S.: Once you have reached this level of security, you'll be visited by the black helicopters anyways.
126
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
