references: http://stackoverflow.com/questions/3897434/password-security-sha1-sha256-or-sha512

57 down vote

Do not write your own password-hashing function! Leave this to seasoned cryptographers. Cryptography is hard to get right. Security is hard to get right.

SHA1, SHA256 and SHA512 are message digests, not password-hashing functions.

Currently, the only standard (as in sanctioned by NIST) password hashing or key-derivation function is PBKDF2. Other reasonable choices, if using a standard is not required, are bcrypt and the newer scrypt. Wikipedia has pages for all three functions:

• https://en.wikipedia.org/wiki/PBKDF2
• https://en.wikipedia.org/wiki/Bcrypt
• https://en.wikipedia.org/wiki/Scrypt

Switching from SHA1 to SHA256 or SHA512 will not improve the security of the construction so much. Computing a SHA256 or SHA512 hash is very fast. An attacker with common hardware could still try tens of millions (with a single CPU) or even billions (with a single GPU) of hashes per second. Good password hashing functions include a work factor to slow down attackers.

Here's another weakness in the above scheme: an attacker can precompute a password hash once and reuse it for every entry in the password file or database. Once the precomputation is done, computing the hashes for these passwords with a given salt value is trivial, because message digests work incrementally. Thus, the precomputations for $password can be reused to compute the hash for $password.$salt for every value of $salt in the password file.

Here are some suggestions for PHP programmers: first, read the PHP FAQ: http://php.net/manual/en/faq.passwords.php and then use crypt() or PHPPASS: http://www.openwall.com/phpass/.