Which one to use: Managed vs. NonManaged hashing algorithms

Question

In a regular C# application which class to use for hashing: xxxManaged or xxx (i.e SHA1Managed vs SHA1) and why?

Answer 1

Another difference between the Managed and the CNG Non-Managed versions is the supported .Net Framework version: e.g.

• the AES Managed version starts from 3.5, while the CNG from 4.6.2 and for
• SHA512, Managed starts from 1.1 and Cng from 3.5.

However, I believe that if we are not constrained by the framework version or to support legacy OS versions, we should use the CNG versions:

• The hashing algorithms postfixed with Cng are the only ones that use bcrypt
• The fact that it might take longer is actually an advantage as it protects from brute force attacks: on the user side 300ms or 3ms makes no difference, while for an attacker it is an order 100 magnitude!