If I make the following call in PHP it will use my password and salt to hash it a number of times with sha512:
echo crypt('password', '$6$rounds=1000$salt');
However, I wonder how this process really works. Is it something like this?:
$hash = hash('sha512', 'password' . 'salt');
for ($i = 1; $i < 1000; $i++) {
$hash = hash('sha512', $hash);
}
echo base64_encode($hash);
Or is it a really complex process?
The reason I'm asking is because I would like a cryptographic hashing system that is easy to implement in other languages.
If you're looking for a strong password hashing algorithm to implement across different languages, use bcrypt. There are libs for Java, C#, JavaScript, PHP, obj-C, Python, Perl, etc.
If this is for a login form, a good idea is to use a JavaScript bcrypt lib, and have the hash transmitted to the server. This allows the work factor to be reasonably large without overloading your server or introducing a DoS vulnerability.