Encryption

[radofeya]

Consider the several encryption algorithm below:
Sha1
Sha-224
Sha-256
Sha-384
Sha-512

which is your first choice?
Is that Sha-512 having the most secure due to it's output size?

What is the effect if we use this Sha-512 as our password hash algorithm? Do we need this?

[Scoochi2]

It depends on how much security you desire.
Would Darth Vader kill a Stormtrooper by getting in a Tie Fighter, travelling to the Death Star and blowing up the entire planet or would he just whip out his lightsabre?

SHA-1 is suitable for most purposes. But if you do want the additional security (at a price) then take a step up to 256 or even 512.

[xmakina]

Also consider where the end result will be left. If it's in a file that can be accessed easily from the web, such as a file on the website, then you'll want it to be very secure (256 minimum).

If it's going into a database only you and maybe 2 or 3 trusted individuals can see then 1 should be plenty.

[radofeya]

When we making the choices between the various encrypt algorithm, do we need consider the possibility of hash attack and the ?

If so, how? Is that using salt?

2nd, do Sha-256 and Sha-512 reliable? Since they are not yet officially support by NSA

If I'm wrong please correct me..

[mattura]

I use sha1 for database passwords. md5 is just too well known and hashed. But I always add a salt so that reverse hash tables are useless.

You should be aware that some forms of encryption are illegal in the US (and some other countries), so do be careful ;)

PS Isn't sha1 the same as 256?

[radofeya]

sha1 and sha-256 are not same.

sha-224, sha-256, sha-384, and sha-512 are consider as sha2 and able produces a message digest up to 512bits, which as its name.

May I know is that SHA hash function declare under US patent? What is the term and condition? Any patent fee involed?



If I'm wrong please correct me..

[Fearghal]

How can encryption be illegal? I dont understand that. Can someone explain please?

[xmakina]

Basically, during the cold war the yanks didn't want the russians getting their hands on american encryption algorithms. Encryption is, for most governments, treated the same way as guns with restrictive export laws and certain types being illegal for certain situations.

Since 2000 though, these laws have been significantly relaxed. It's more sale/transmission thing than usage. Don't fret over it, everything in MySQL is legal