SHA512, SHA256, SHA1, and MD5 are vulnerable to a length extension attack. SHA224 and SHA384 are not since reduced output to internal state, SHA3 is also not vulnerable. Having that in mind, SHA512 is a good cryptographic collision-resistant hash function.
It depends on your use case. You can’t broadly claim “superiority”. (I mean, yes you can, in some cases, but to be strict about it, you can’t really). But there are areas where MD5 has been broken: For starters: MD5 is old, and common. There are tons of rainbow tables against it, and they’re easy … Read more
The problem must be the actual representation of the key/message data. See the following tests: PHP #!/usr/bin/php <?php print strtoupper(hash_hmac(“sha256”, “message”, “key”)); ?> Output (live via http://writecodeonline.com/php/): 6E9EF29B75FFFC5B7ABAE527D58FDADB2FE42E7219011976917343065F58ED4A C# using System; using System.Text; using System.Security.Cryptography; public class Program { private const string key = “key”; private const string message = “message”; private static readonly Encoding … Read more
Most uses of SHA-1 are for interoperability: we use SHA-1 when we implement protocols where SHA-1 is mandated. Ease of development also comes into account: SHA-1 implementations in various languages and programming environment are more common than SHA-512 implementations. Also, even so most usages of hash functions do not have performance issues (at least, no … Read more
you can use this for SHA-512 (Not a good choice for password hashing). import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public String get_SHA_512_SecurePassword(String passwordToHash, String salt){ String generatedPassword = null; try { MessageDigest md = MessageDigest.getInstance(“SHA-512”); md.update(salt.getBytes(StandardCharsets.UTF_8)); byte[] bytes = md.digest(passwordToHash.getBytes(StandardCharsets.UTF_8)); StringBuilder sb = new StringBuilder(); for(int i=0; i< bytes.length ;i++){ sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, … Read more
Switching to SHA512 will hardly make your website more secure. You should not write your own password hashing function. Instead, use an existing implementation. SHA256 and SHA512 are message digests, they were never meant to be password-hashing (or key-derivation) functions. (Although a message digest could be used a building block for a KDF, such as … Read more
As the name implies, it’s 512 bits, that is 64 bytes. But that’s the hash, maybe you’re wondering about a specific representation of that hash in string, as is commonly used, then it depends of the given representation. If you write the hash in hexa, then it will be 128 characters. If you write the … Read more