I am developing a website which requires users to register to it in order to use its functions, and I was wondering if SHA-256 + salt (random salt provided by RNGCryptoServiceProvider in C#) is secure and good enough to use in 2017?

– Itay080

2 Answers

For password storage, salted SHA256 hashes are not recommended. This is because the general purpose SHA256 is designed to be fast. Fast is exactly what you do not want for a password hashing algorithm, because it makes brute force and dictionary attacks far more efficient.

Password storage hashes are designed to require a certain workload and, in some instances, a minimum memory requirement. Good password storage schemes are designed to be hard to serialize and/or optimize.

The recommended password storage scheme in 2017 is the BCrypt hash, with PBKDF2 as an alternative, but slightly less regarded, option.

For a more complete answer, please read the sec.se 'standard answer' on password hashing by Thomas Pornin.

– Jacco

  • While I agree with the answer in general, there is no real way to protect bad passwords in your DB against a dictionary attack. – Eiver Jun 29 '17 at 11:17
  • @Eiver You can't protect against the absolute worst passwords; but the difference between 10k tries/second/box and 10b tries/sec/box is enough to protect the average user who has a marginally strong password against non-targeted attacks. – Dan Is Fiddling By Firelight Jun 29 '17 at 12:27
  • Bitcoin is based on SHA-256. If a Bitcoin secret is so easy to be brute-forced because of the speed of SHA-256, it wouldn't have been chosen. Now, is a password more important than a Bitcoin secret to call for a slower algorithm to delay the brute-force? I don't think so. – RomanKousta Mar 03 '21 at 23:52
It could be - if it meets your risk assessment for the potential threats you feel it faces.

But I would recommend you look at using a Password Based Key Derivation Function. These are hash-based style functions ideal for password storage.

Look into PBKDF2 for your C# application. There is also the widely used Bcrypt (although I use the former with C# as it's native).

This may be of help: https://lockmedown.com/hash-right-implementing-pbkdf2-net/

But I recommend you check the MSDN documentation for up to date information.

– ISMSDEV
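Both answers point the asker from salted SHA-256 toward PBKDF2 in C#. The following is an added example (not code from the question, either answer, or the linked article) of what that looks like with the framework's own Rfc2898DeriveBytes: a per-user random salt, an iteration count stored next to the hash so it can be raised later, and a constant-time comparison on verify. It assumes .NET Core 2.1+ or .NET 5+; the record format and the iteration count are this example's own choices.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not from the page. PBKDF2-HMAC-SHA256 password storage.
// Assumes .NET Core 2.1+ / .NET 5+ for RandomNumberGenerator.Fill and
// CryptographicOperations.FixedTimeEquals. The "$"-separated record format
// and the 600,000-iteration default are choices made for this example;
// tune the count to your hardware so one hash costs tens of milliseconds.
public static class PasswordStorage
{
    private const int SaltSize = 16;             // 128-bit random salt per user
    private const int KeySize = 32;              // 256-bit derived key
    public const int DefaultIterations = 600_000;

    // Returns "pbkdf2-sha256$<iterations>$<salt b64>$<key b64>" for the DB.
    public static string Hash(string password, int iterations = DefaultIterations)
    {
        byte[] salt = new byte[SaltSize];
        RandomNumberGenerator.Fill(salt);        // successor of RNGCryptoServiceProvider
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            byte[] key = kdf.GetBytes(KeySize);
            return string.Join("$", "pbkdf2-sha256", iterations,
                               Convert.ToBase64String(salt), Convert.ToBase64String(key));
        }
    }

    // Verifies a candidate password against a stored record. needsRehash is set
    // when the record was made with fewer iterations than the current default,
    // so the caller can re-hash with Hash() after a successful login.
    public static bool Verify(string password, string stored, out bool needsRehash)
    {
        needsRehash = false;
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != "pbkdf2-sha256") return false;
        if (!int.TryParse(parts[1], out int iterations) || iterations < 1) return false;
        byte[] salt = Convert.FromBase64String(parts[2]);
        byte[] expected = Convert.FromBase64String(parts[3]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            // Constant-time compare: a plain == or SequenceEqual leaks a timing signal.
            bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
            needsRehash = ok && iterations < DefaultIterations;
            return ok;
        }
    }
}
```

Bcrypt is not in the base class library, which is why the second answer calls PBKDF2 "native"; the same store-the-parameters-and-rehash pattern applies if you later move to a third-party bcrypt or Argon2 package.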