Is there a reason why you are using straight sha512 with concatenated elements instead of using a sha512 HMAC with the local password as the key to the HMAC?
No, not really. I do like having the length concatenated inside as well, as this provides a unique password for different lengths (useful to quickly visually identify if a password looks 'right').
Is there any reason why HMAC would be better than my current implementation? I have had a read over the article and it seems that straight SHA512 should have similar cryptographic strength.
I am concerned about changing the algorithm at this point in case anyone has already used it. I don't think there are any serious concerns but will report back if I find any (after taking some more time). Of course if anyone knows this stuff very well I'd be very eager for some feedback!
Is there any reason why HMAC would be better than my current implementation? I have had a read over the article and it seems that straight SHA512 should have similar cryptographic strength.
Thanks for your input!