Arturo Arturo - 9 months ago 64
Javascript Question

Benefits of running sha512 hash function several times

I have seen this piece of code in a publication. What benefits does it bring to generate the hash 11 times? Is it more secure than one because of entropy?

var hash = sha512(salt+":"+user+":"+passwd);
for(i = 0; i < 10; i++)
hash = sha512(salt+":"+user+":"+passwd);

Answer Source

It is more secure in cases that an attacker gains access to the database containing the hashed passwords.

Having it hashed multiple times will slow down the attacker by a factor linear to the number of hash iterations while trying to guess the plain passwords from the hashes using brute force attack.

In that perspective, I would say that 10 is a rather small number and if this case (an attacker gains access to passwords database) is a concern to you, I guess it is better to to more iterations than 10 (say 1000).