---

SHA-512 w/ per User Salts is Not Enough

“Back in January, I was having a casual conversation about
passwords at a local gathering about security and was asked what we
use for storing the passwords. I stated that we are using sha-512
w/ per user salts but we are looking at moving away from this
standard to something much stronger.

The response that I received from this person was pretty much in
line with other comments I have received and seen on some of our
forums. The two most common responses are: “Oh good, you are using
per user salts” and “yeah, using sha-512 is much better than md5.”
Granted, these comments are true: using sha-512 is better than
using md5 and better than not using per user salts, but there is
still a weakness that I feel is overlooked.”


Complete Story

