SHA-3 is KECCAK

[Uranuz]

I don't feel myself confident about crypto and security 
questions, but I need to make password hashing and generating of 
session Id. And make it difficult to pick up password with bruto 
force or dictional with single "usual" computer. I'm slightly 
disappointed that then more I read different articles on IT 
forums then less I understand something. And there are several 
opposite ideas that stunning me.
  1. All security systems, cipher, etc can be hacked If someone 
wants it
  2. Do not reinvent the wheel. All have been invented already.
  3. If you use standart implementation it's high risk than it was 
cracked already.
  4. Is it really essential to someone tho crack you security.

About md5 I have read that it's already cracked. It's vulnerable 
to length extension attack. As I feel SHA 2 is better (but it's 
not my opinion - it's just subjective feeling). And may be more 
modern algorithm isn't hacked until now. Higher variety of 
standart implemented hash algorithms can enable to combine them 
in different manner to get not standart implementation of hash. 
As I think it can increse security against attacks with rainbow 
tables.

I don't know if I rigth or not. The reason why I asked is that 
I'm implenenting authentication on site written in D. So I want 
to make password hash generation function enough secure to forget 
about it for ~5 years or more. Because there only a litle of hash 
functions implemented in std.digest and they are not so strong by 
security reasons. It makes it not very useful.

P.S. Sorry for my English.