Arturo Arturo - 16 days ago 5
Javascript Question

Benefits of running sha512 hash function several times

I have seen this piece of code in a publication. What benefits does it bring to generate the hash 11 times? Is it more secure than one because of entropy?

var hash = sha512(salt+":"+user+":"+passwd);
for(i = 0; i < 10; i++)
hash = sha512(salt+":"+user+":"+passwd);

Answer

It is more secure in cases that an attacker gains access to the database containing the hashed passwords.

Having it hashed multiple times will slow down the attacker by a factor linear to the number of hash iterations while trying to guess the plain passwords from the hashes using brute force attack.

In that perspective, I would say that 10 is a rather small number and if this case (an attacker gains access to passwords database) is a concern to you, I guess it is better to to more iterations than 10 (say 1000).