Hello,
Thanks for the explanation. So should I go with SSHA512 or SHA512-CRYPT? From your explanation I'm interpreting to mean that SHA512-CRYPT also salts. This is for storing in a MySQL database. Also, what should the password field length and type be set to? Currently it's varchar(128).
Thanks. Dave.
On 4/29/17, Aki Tuomi aki.tuomi@dovecot.fi wrote:
On April 29, 2017 at 4:22 AM David Mehler dave.mehler@gmail.com wrote:
Hello,
I have a few questions on password schemes. Is SHA512 the most secure? Is there a difference between SHA512 and SHA512-CRYPT? What about SSHA512 and SSHA512-CRYPT?
Is there a problem with this sql statement:
UPDATE virtual_users SET password=CONCAT('{SHA256-CRYPT}', ENCRYPT('Password Goes Here', CONCAT('$5$', SUBSTRING(SHA(RAND()), -16)))) WHERE user='user@example.com';
I'm getting an error 1064 at the ending email address.
Thanks. Dave.
SSHA512 is salted SHA512, SHA512-CRYPT is a crypt(3)-compatible salted hash. PKCS5 or SHA512-CRYPT with over 1000 rounds is probably very secure, but SHA512-CRYPT is also good. Using SHA512 is not recommended, as it's an unsalted hash.
If ENCRYPT is the same as crypt(3) then you can try to put rounds into the salt, like "$6$rounds=4000$s9Zc4OA11IuLt/iV$".
Aki
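As an added example (not code from this thread or from Dovecot), the Python below produces and verifies the {SSHA512} layout Aki describes, base64(SHA-512(password || salt) || salt), and builds the "$6$rounds=N$salt$" prefix he suggests passing to crypt(3)/ENCRYPT(); the 16-byte salt length and the rounds bounds are assumptions noted in the comments.

```python
import base64
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Dovecot's {SSHA512} stores base64(SHA-512(password || salt) || salt); the salt
# length is not fixed, so on verification everything after the 64-byte digest
# is the salt. The 16-byte default below is this example's choice, not Dovecot's.
DIGEST_LEN = hashlib.sha512().digest_size  # 64
SCHEME = "{SSHA512}"

def ssha512_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA512} string; a fresh random salt is used unless one is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha512_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA512} value without leaking timing."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:  # digest present but no salt: malformed
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

# crypt(3) salts use this 64-character alphabet, not raw hex from SHA(RAND()).
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def sha512_crypt_salt(rounds: int = 5000, salt_len: int = 16) -> str:
    """Build the '$6$rounds=N$salt$' prefix for sha512-crypt (assumed bounds: 1000..999999999 rounds, <=16 salt chars)."""
    if not 1000 <= rounds <= 999_999_999:
        raise ValueError("rounds out of range for sha512-crypt")
    if not 1 <= salt_len <= 16:
        raise ValueError("sha512-crypt uses at most 16 salt characters")
    salt = "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(salt_len))
    return f"$6$rounds={rounds}${salt}$"
```

With a 16-byte salt the {SSHA512} string is 117 characters and fits varchar(128); a {SHA512-CRYPT} value with an explicit rounds= field and a 16-character salt is 132 characters, so check the column width before switching schemes.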