10-20-2009, 07:09 PM
The Wanderer
Join Date: Oct 2009
Location: Fiji
Posts: 6
Quote:
Originally Posted by cachepl0x
I was wondering. In terms of security, how is this for a hashing algorithm?
PHP Code:
$salt = sha1('Hash');
$pass = sha1('My Password');
$hash = $pass . $salt;
for ($i = 0; $i < 10000; $i++) {
    $hash = sha1($hash);
    $hash = substr($hash, 5, 15);
}
Good, or bad? Improvements?
|
It appears that rehashing (http://en.wikipedia.org/wiki/Key_strengthening) is a defense against precomputation attacks such as rainbow tables.
http://en.wikipedia.org/wiki/Rainbow...rainbow_tables
You'd have to rehash with the hash and password included:
PHP Code:
$salt = 'QX;2t9`l}O^fE71AVueo5NLW7;fCI5[])=v/8Ju+?HEsxMqbtgeK@L7eVb[DH|]|';
$pass = 'My Password';
$hash = '';
// Each round hashes the previous digest together with the password and the salt.
for ($i = 0; $i < 10000; $i++) {
    $hash = sha1($hash . $pass . $salt);
}
Quote:
Originally Posted by Village Idiot
Mixing hashes often makes collision rates higher and adds more of a footprint than it takes away.
|
I'm assuming adding the pass and salt to each iteration is to prevent the footprint and collision rate from increasing?
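Added example (not code from the thread or its posters): a comparison of the two loops discussed above, generalised with a hypothetical `$width` parameter so that collisions become visible in a short run. In the truncated loop, two passwords that ever reach the same intermediate value stay identical for every later round; when the password and salt re-enter each round, they do not. Function names, the sample passwords and the sample salt are constructed for illustration, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not code from the thread. Function names, the $width
// parameter and the sample passwords are constructed for illustration.

// Quoted scheme, generalised: each round keeps only $width hex chars of the
// digest (the post uses substr($hash, 5, 15), i.e. 15 chars = 60 bits).
function truncated_chain(string $pass, int $rounds, int $width): string
{
    $hash = sha1($pass) . sha1('Hash');
    for ($i = 0; $i < $rounds; $i++) {
        $hash = substr(sha1($hash), 5, $width);
    }
    return $hash;
}

// Reply's scheme: password and salt re-enter every round. The same
// truncation is applied here only so both chains have equal state size.
function mixed_chain(string $pass, string $salt, int $rounds, int $width): string
{
    $hash = '';
    for ($i = 0; $i < $rounds; $i++) {
        $hash = substr(sha1($hash . $pass . $salt), 5, $width);
    }
    return $hash;
}

// Count distinct final outputs over $n constructed passwords.
function distinct_outputs(callable $scheme, int $n): int
{
    $seen = [];
    for ($p = 0; $p < $n; $p++) {
        $seen[$scheme("password-$p")] = true;
    }
    return count($seen);
}

$rounds = 200;   // fewer rounds than the thread's 10000, to keep the run short
$width  = 3;     // 3 hex chars = 12 bits, small enough to make collisions visible
$n      = 2000;
$salt   = 'constructed-sample-salt';

$t = distinct_outputs(fn($p) => truncated_chain($p, $rounds, $width), $n);
$m = distinct_outputs(fn($p) => mixed_chain($p, $salt, $rounds, $width), $n);

printf("truncated chain:  %d distinct outputs from %d passwords\n", $t, $n);
printf("pass+salt chain:  %d distinct outputs from %d passwords\n", $m, $n);
```

At the thread's real width of 15 hex characters the state is 60 bits rather than SHA-1's 160, so the same merging is far rarer per round but works by the same mechanism.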