Difference between Hashlib and System.Security.Cryptography.HashAlgorithm

Note: Updated 2017.

Hashlib

Hashlib is a library of hash implementations:

https://hashlib.codeplex.com/

It includes implementations of quite a few cryptographic and non-cryptographic hashes - both ones that are already supported by the .NET framework (in System.Security.Cryptography) and ones that aren't. You'll need it - or another external implementation - to support SHA-3.

Note, however, that Hashlib doesn't actually include SHA-3 in its final form - but rather, the way it looked before some adjustments were made to it. That means, its output will not be what you'd expect from SHA-3.

HashLib uses a different architecture than .NET's HashAlgorithm for its hash algorithms - the output is the same (for the same algorithm, e.g. SHA256), the usage isn't. But it has a wrapper/adapter that can make the workflow the same as for HashAlgorithm, for example:

IHash hash = HashFactory.Crypto.SHA3.CreateKeccak512();
HashAlgorithm hashAlgo = HashFactory.Wrappers.HashToHashAlgorithm(hash);
// Now hashAlgo can be used the same as any .NET HashAlgorithm, e.g.:

// Create byte input from string encoded as UTF-8
byte[] input = Encoding.UTF8.GetBytes("Hello Keccak!");

byte[] output = hashAlgo.ComputeHash(bytes);

But again, be aware that Keccak512 is not the same as SHA-3 - it won't give the same hash as an actual 512 bit SHA-3 implementation.

Actual implementations of the final SHA-3 in C# are still (2017) few and far between - the difference to Keccak as implemented in Hashlib is extremely minor, although it has major impact on the output, as would be the case for a hash algorithm - since Wikipedia no longer provides an example of the difference, here's one:

Keccak-512('abc') =
Keccak[1024]('abc', 512) =
    18 58 7d c2 ea 10 6b 9a 15 63 e3 2b 33 12 42 1c
    a1 64 c7 f1 f0 7b c9 22 a9 c8 3d 77 ce a3 a1 e5
    d0 c6 99 10 73 90 25 37 2d c1 4a c9 64 26 29 37
    95 40 c1 7e 2a 65 b1 9d 77 aa 51 1a 9d 00 bb 96

SHA3-512('abc') =
Keccak[1024]('abc' || 01, 512) =
    b7 51 85 0b 1a 57 16 8a 56 93 cd 92 4b 6b 09 6e
    08 f6 21 82 74 44 f7 0d 88 4f 5d 02 40 d2 71 2e
    10 e1 16 e9 19 2a f3 c9 1a 7e c5 76 47 e3 93 40
    57 34 0b 4c f4 08 d5 a5 65 92 f8 27 4e ec 53 f0

Keccak[c](M || s, d) means "Keccak with capacity c, message M, suffix bits s, and output size d."

This (from the Wikipedia article) is the only difference between "standard" Keccak (and Hashlib's implementation) and SHA-3 as it looks in the current spec:

For SHA3-n, an additional two bits 01 are appended to the message before padding.

Implementing it (by e.g. patching the Hashlib code) isn't trivial, though, without knowing how Hashlib works.

So, should you use SHA-3?

It depends on what you want it for - it's no good if you want compatibility with the finalized SHA-3 standard.

The whole Keccak family, independent of SHA-3, is a standard in itself - but NIST's tweaks for SHA-3 are still Keccak - just a specific subset of it (much like AES is a subset of Rijndael). When SHA-3 eventually shows up in - for example - the .NET framework itself, it will likely just be SHA-3 with the parameters NIST picked, rather than a generic Keccak with tweakable parameters.

SHA-512 (answer to a part of the question that has now been removed)

SHA-512 is SHA-2 512 bit - not the same as SHA-3 512. That said, to use it, you simply import System.Security.Cryptography - using in this case imports the namespace - making the classes inside the namespace available to your code.

After that, the workflow is the same as any other HashAlgorithm.

So, should I use SHA-2 or SHA-3 for hashing passwords?

Neither of them. Or at least neither on their own. And while a salt improves matters, that's not optimal security either. See How to securely hash passwords, specifically starting from:

A basic hash function, even if secure as a hash function, is not appropriate for password hashing