I'm maintaining a website which uses Sha256 hashing of passwords.
The passwords are hashed with a GUID key, and a RNGCrypto generated random salt.
I'm just trying to understand the security risks associated with this scheme.
If an attacker is able to obtain just the hashed passwords, is there any way for them to be brute forced, or would they need to be also access the secret GUID on the server?
Should I recommend to my client that we change to slower hashing scheme?
If the Sha256 is used with only 1 iteration, then you should recommend to switch to a dedicated password-hash function in any case, BCrypt, SCrypt, Argon2 and PBKDF2 are good choices.
The problem with using SHA-* is its fastness, common hardware can brute-force about 3 Giga SHA-256 per second. Salting and peppering (the GUID) are good measures, but they protect form different threats.
You are right with the assumtion that an attacker needs the GUID from the server, but it depends on the attack, whether this GUID stays secret. On should plan for the case, that all necessary information is known, and then the slowness of the hash function is the only protection left.
From my point of view the only concern that I see is the brute force attack, however there is some factors you should take into account.
If you make a sha256("this is the password1234") this will generate hash1 that can be brute force and the attacker will get "this is the password1234", so we will be able to see the exact password.
If you use a sha256("this is the password1234" + key + salt....), dict attack will me more difficult to find the password if that is your concern. So I will choose this method but take into account that the management of the user password is more complex than the first one.
