Double MD5 hash as SALT? [duplicate]
Possible Duplicate:
Secure hash and salt for PHP passwords
Alright, so I'm thinking of double hashing passwords with md5 (for example, hashing the password and then hashing the hash of the password). I want to know if anyone has ever experienced any problems with this method and if you think it's a good way to salt something. Thanks
I disrecommend hashing twice.
You might lose some password hashes, making your code even more insecure. It won't help with security.
The best way is to add salt to password and hash once!
The purpose of the salt is to make it more difficult to brute-force short passwords with pre-computed tables. You can make the salt user dependent.
MD5 is cracked. No matter how many times you rehash the hash, it adds absolutely no more security.
No it is not a good way to salt something.
Salting a password means adding extra data to the original password and then hashing the result.
You should generate a salt of at least 256 bits with a cryptographic random number generator, add that to your original password and then use a hash that has not been cracked, aka SHA-512.
MD5 is broken - so go for SHA2 hashing. Hashing can be improved with salting and hashing in an iteration - which will secure you from dictionary and rainbow table attacks.
First, MD5 is significantly broken - Do Not Use, consider something like SHA-256 instead.
Second, salting is something quite different - having a hash(hash(password)) will not give you any security increase. See this for a further discussion: Secure hash and salt for PHP passwords
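The difference the answers describe, as an added example that is not part of any answer above: unsalted md5(md5(password)) gives every user with the same password the same stored value, while a per-user random 256-bit salt with iterated SHA-512 (PBKDF2 here) does not. The function names, the iteration count and the sample password are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SALT_BYTES = 32        # 256-bit salt from a cryptographic RNG
ITERATIONS = 100_000   # assumed work factor for this sketch; tune for your hardware


def double_md5(password: str) -> str:
    """The scheme from the question: md5(md5(password)), with no salt."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def demo() -> dict:
    # Constructed sample: two users who happened to pick the same password.
    pw = "hunter2"
    alice_salt, alice_hash = hash_password(pw)
    bob_salt, bob_hash = hash_password(pw)
    return {
        # Deterministic: one precomputed table entry matches both users.
        "double_md5_identical": double_md5(pw) == double_md5(pw),
        # Different salts, so the stored digests differ.
        "salted_identical": alice_hash == bob_hash,
        "alice_verifies": verify_password(pw, alice_salt, alice_hash),
        "wrong_pw_rejected": not verify_password("hunter3", alice_salt, alice_hash),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Store the salt next to the digest for each user; it does not need to be secret, only unique and random.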