We are currently in the process of strengthening our password protection. We have been doing a fair amount of reading on SHA-2, Bcrypt, PBKDF2, and Scrypt. That being said, we are not security experts or cryptographers, and a lot of the technical aspects of the subject matter go over our heads.
At this point we are leaning toward implementing either PBKDF2 or Bcrypt.
However, we were curious as to whether or not there was a benefit to using a SHA-2 algorithm in concert with Bcrypt (it appears PBKDF2 already has to specify a hashing algorithm). We had looked at the post:
But this is really more about using both Bcrypt and PBKDF2 together, and not a SHA-2.
Is there a benefit of leveraging a SHA-2 algorithm with Bcrypt? Or is it wasted effort/performance for no appreciable increase in actual security?
Thanks in advance for any insight anyone can provide.
pbr