-*- restructuredtext -*-

Hash
====
Regardless of use, NIST_ encourages application and protocol designers to use
the *SHA-2* family of `hash`_ functions for all new applications and protocols.

Also, in response to a `SHA-1 vulnerability`_ announced in Feb. 2005, NIST held
a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to assess the status of
its approved hash functions. While NIST continues to recommend a transition
from SHA-1 to the approved SHA-2 family of hash functions (SHA-224, SHA-256,
SHA-384, and SHA-512), NIST has also decided that it would be prudent in the
long term to develop one or more hash functions through a `public competition`_,
similar to the development process for the Advanced Encryption Standard (AES).

`Bruce Schneier`_ has said: "I have, and continue to, recommend *SHA-256* for
immediate applications, and will probably continue to recommend the algorithm
until this process (a new secure hash standard) is completed. *SHA-384* and
*SHA-512* are also fine, but overkill for most applications."

There are other hash functions with no known attacks that are also advisable to
use, such as `RIPEMD`_, `Tiger`_ and `Whirlpool`_.

Salt
----
Before generating the hash, create a random string of characters of a
predetermined length (called a `salt`_) and prepend this string to the plain
text password.

Preventing comparability is only a minor goal. The primary goal is to make
generating rainbow tables infeasible, which requires the salt not only to be
random; it must also be large enough to overcome the compressing nature of
rainbow tables. Randomly generated salts of no less than 64 bits are
recommended, and 128 bits if that is bearable.
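
The salting scheme described above, as an added example that is not part of the
original page: a 128-bit salt from the OS random source is prepended to the
password before SHA-256 and stored beside the digest. The function names and the
``salt$digest`` record format are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16      # 128 bits, the larger size the text recommends
MIN_SALT_BYTES = 8   # 64 bits, the minimum the text recommends


def unsalted_sha256(password):
    """Plain SHA-256(password), the form a precomputed table covers."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_password(password, salt=None):
    """Return (salt, digest) with digest = SHA-256(salt || password)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # CSPRNG, never random.random()
    if len(salt) < MIN_SALT_BYTES:
        raise ValueError("salt must be at least 64 bits")
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest


def encode_record(salt, digest):
    """Store the salt next to the digest; the salt is not a secret."""
    return salt.hex() + "$" + digest.hex()


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare."""
    salt_hex, digest_hex = record.split("$")
    _, candidate = hash_password(password, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def found_in_unsalted_table(digest, wordlist):
    """Model a table precomputed without salts (constructed sample data)."""
    table = {unsalted_sha256(word) for word in wordlist}
    return digest in table


if __name__ == "__main__":
    words = ["123456", "correct horse"]          # constructed sample list
    salt, digest = hash_password("correct horse")
    print(encode_record(salt, digest))
    print(found_in_unsalted_table(unsalted_sha256("correct horse"), words))
    print(found_in_unsalted_table(digest, words))
```

A single SHA-256 pass is used only because it is the construction this page describes; the salt defeats precomputed tables but adds no work factor against guessing a single record.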


.. _NIST: http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
.. _SHA-1 vulnerability: http://csrc.nist.gov/groups/ST/hash/statement.html
.. _public competition: http://csrc.nist.gov/groups/ST/hash/timeline.html
.. _Bruce Schneier: http://www.schneier.com/blog/archives/2007/02/a_new_secure_ha.html
.. _hash: http://en.wikipedia.org/wiki/Cryptographic_hash_function
.. _salt: http://en.wikipedia.org/wiki/Salt_(cryptography)
.. _RIPEMD: http://en.wikipedia.org/wiki/RIPEMD
.. _Tiger: http://en.wikipedia.org/wiki/Tiger_(cryptography)
.. _Whirlpool: http://en.wikipedia.org/wiki/Whirlpool_(cryptography)
