Difference between SSHA512 and SHA512

I am using SSHA512 to encrypt email user's passwords. Manually doing this works using doveadm from dovecot. But I can't seem to implement this in my mail client. I can, however, use SHA512.



Is SHA512 less secure than SSHA512?

passwords password-hashing

edited 59 mins ago
Gilles

asked 4 hours ago
Cliff Crerar

After a quick search I found this code which shows you how not to implement the SSHA-512 algorithm in Java, but if you have any issues implementing it you can always ask on StackOverflow.
– Maarten Bodewes
50 mins ago





1 Answer

Is SHA512 less secure than SSHA512?




Hashing passwords plainly with SHA512 is indeed less secure than using SSHA512. But note that this doesn't imply that using SSHA512 is actually a good / secure method for hashing your passwords.



The reason for the inequality is simple:



$$\operatorname{SSHA512}(\text{pw},\text{salt})=\operatorname{SHA512}(\text{pw}\parallel \text{salt})\parallel \text{salt}$$



So as you can see it's a case of a single iteration of SHA-512 paired with some basic salting. Salting is a good thing as it (among other things) thwarts rainbow-tables but of course a modern GPU (like the Tesla V100 or with nearly the same speed the RTX 2080 Ti) achieves about 1.8GH/s per card. That is $1.8\cdot 10^9$ SHA512 evaluations per second and per card. Also note that for about 25 USD/hr you can rent 8 of these on AWS which gives you about 2.1 TH/USD, that is an attacker can try about $2\,000\,000\,000\,000$ password hashes for a single US-Dollar. So if the user has any even remotely weak password, it's a matter of a few USD to break it.



The more modern approach is then to use Argon2 or bcrypt instead which perform much worse on GPUs.






answered 3 hours ago
        SEJPM♦
