Re: Bitcoin Stock Exchange Security Standards
by Nefario on 23/06/2011, 20:46:27 UTC
Board: Bitcoin Discussion
> I don't have iterative hashing just yet, but SHA512 with a nice long salt seems fairly strong to me. If I do modify for iterative hashing I'd also throw an extra application-specific salt into the (encrypted) stored procedure just so we're not storing ALL the data right there in the table(s).

Nooooooooooooooooooo

SHA-ANYTHING is not to be used to hash passwords; it doesn't do any more than md5. The time it takes to hash something with SHA* is meant to be low, it's meant to be a fast hash.

Use BCrypt and set the iterative value very high, so it takes like 1 second to do the hash; there are plenty of libraries out there.

Fast hashes are the reason that hackers are able to break scores of passwords when DBs are compromised: it doesn't take long to hash a single password, so they can go through millions of combinations in seconds.

If it takes 1 second just to run the hash once then they're not going to crack any passwords.

Of course the best option is not to have passwords at all.

dennis_sweden, it's GLBSE, the GLobal Bitcoin Stock Exchange (glbse.com)

Nefario.
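The advice above (a salted, deliberately slow, iterated hash calibrated to about one second, with the cost stored so it can be raised later) as an added example; this is not Nefario's or GLBSE's code. It uses Python's standard-library PBKDF2-HMAC-SHA512 instead of bcrypt so it runs without extra packages; the record format, the 1-second target and the `needs_rehash` policy are assumptions of the example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumed record format: "pbkdf2_sha512$<iterations>$<salt hex>$<hash hex>".
# Storing the iteration count beside the hash lets the cost be raised on the next login.
ALGORITHM = "pbkdf2_sha512"
DKLEN = 64  # 512-bit derived key


def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash: each iteration re-runs HMAC-SHA512, so cost scales linearly."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != ALGORITHM:
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=DKLEN)
    return hmac.compare_digest(dk.hex(), hash_hex)


def needs_rehash(record: str, minimum_iterations: int) -> bool:
    """True when a stored record is below current policy; rehash it after a successful login."""
    return int(record.split("$")[1]) < minimum_iterations


def calibrate_iterations(target_seconds: float = 1.0, floor: int = 100_000) -> int:
    """Pick an iteration count so that one hash takes roughly target_seconds on this machine."""
    probe = 10_000
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"calibration", b"\x00" * 16, probe, dklen=DKLEN)
    elapsed = time.perf_counter() - start
    return max(floor, int(probe * target_seconds / max(elapsed, 1e-9)))


if __name__ == "__main__":
    iterations = calibrate_iterations(1.0)  # the post's "about 1 second per hash" target
    record = hash_password("correct horse battery staple", iterations)
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                 # False
```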