Ask, I if this transcoding, is not security will be a little higher.
For example: SHA1 (MD5 ("password"))
What I want to know is:
1 is that necessary?
2 If this is possible, the impact on performance will be very large
or other what I can not think of, the future may appear what problems, and so on, hope to get your reminder, study!
Reply content:
It seems you don't know what a salt is. Generate a random number, we call it salt, and then record the Salt and h=hash (pwd + salt) in the database, when the query, get the user's password p, and then isolate the salt from the database, calculate the hash (p+salt), see if it is equal to H, is equal to the right, Not equal to is wrong.
The simple use of MD5 is not good, not to say that MD5 this method is easy to be cracked, and in fact, for the MD5 to seek the original image or the second original image, that is, "inverse calculation" This crack, there is no good way. Only by pre-calculation know many MD5 correspondence, exist in the database, and then use the time counter-check, for example I know that ' password ' MD5 value is 5f4dcc3b5aa765d61d8327deb882cf99, then I use a database to save up, As long as I see 5f4dcc3b5aa765d61d8327deb882cf99, I know this is the password ' password ' after the use of MD5 processing value, the original password is ' password '. MD5 used for password protection in identity authentication system It's been a long time, most hackers also have to prepare the corresponding database for this hash method to counter-check, such a database called Rainbow table.
So, in order to counter the Rainbow table, the job we have to do is to avoid pre-calculation, so that the attacker cannot (or very difficult) calculate the rainbow table in advance.
To reflect why the calculation of the rainbow table is feasible, let's calculate it again. We assume that the user may enter the password is lowercase letters and numbers on the keyboard, a total of 26+10=36, the reason is that because a user more than one system will always have some weak password users, we assume that the input password is at least 5 characters, up to 12 characters, then the user may input altogether:
, and a possible combination of 12 bytes should
Two If you take into account the user in order to facilitate the memory, the input password is some existing words or phrases, the possible input will be far less. The user may have less input, giving us the space to enumerate.
To prevent this enumeration, the salt method is a simple and efficient way to enlarge the user input, randomly generate a random number of 16 bytes, plus the user's own input of up to 12 characters of the password, the possible input is kind of, so many possibilities, No institution or organization has the means to store such a large rainbow table.
Another approach is to increase the complexity of the hash and prolong the time it takes for the attacker to brute force. Now the video card for parallel computing is too easy, 6-bit pure digital password in the video card appears to be a second break. Multiple iterations of the hash algorithm are the simplest way to extend the computational time, and Apache's htpasswd uses the MD5 1000 iterations, but only makes these passwords a little harder to crack.
In addition, the use of SHA1 and MD5 two algorithms, in addition to slightly increase the difficulty of a little calculation, and not much good, this combination of methods can not increase the user input possibilities, in addition, although SHA1 generated a 160-bit hash, but because the input is a 128-bit MD5, So the output is only possible at most, and the range of guesswork is not shrinking. So this is the original answer I suggest you use more times (such as 1000 times) The reason for the MD5 iteration should be at least one aspect that has a slightly larger enhancement.
In addition this article (Brute force password cracker Ocl-hashcat-plus supports guessing up to 8 billion passwords per second, what does it mean?) The data can be used for reference, Bcrypt is an effective anti-password hash hack algorithm, recommended. Salt is added to prevent attackers from directly matching the MD5 dictionary with ciphertext to find clear text, because if the user password is an entry in the dictionary, the addition of a random suffix will hardly appear in the dictionary, and the attacker cannot construct a rainbow table.
The master's practice can still be attacked by rainbow tables. As long as the attacker knows your algorithm, it is good to make a new Sha to build the rainbow table of the previous single MD5. If the clear text itself is an entry in the table, this increase in attack difficulty is very limited. This was written when Csdn Bauku:
/ http Blog.sina.com.cn/s/blog _77e8d1350100wfc7.html
The previous answer mentions the effect of adding salt to avoid pre-calculating rainbow tables, which is the correct explanation. Do not add salt and the password to complicate the connection, although there is actually such a side effect, but the principle of salt is not this at all. This misleading can lead to some inexplicable "add fixed salt" ignorant idea.
Besides what Sha (MD5 (password)) or what MD5 1000 times this idea is usually also very inexplicable, these questions are answered in my blog, this does not boil down. If the data is leaking salt is useless, salt is also seen you can use SHA-2 directly.
But to say, like MD5, SHA1 this is hash algorithm, not encryption algorithm. Because the coded result is irreversible unless you use a poor lift. Don't use SHA or MD5, add salt. Please use Bcrypt
First of all, I'm not majoring in cryptography.
For ordinary applications, add salt enough, recommended to see @sumtec no knowledge really scary-the application of the md5+salt of cryptography jokes not safe _sumtec_ Sina Blog
Md5+salt prevent the original rainbow table collision, but with the improvement of computer performance, the complexity of the algorithm is not enough, then you can brute force hit the library cracked
I think if the security requirements are high, you need to use the Sha256+salt algorithm.
This is the general database to save the password scene
I am also looking for information on the performance of these algorithms ... The original password are MD5 no salt is not safe, how to solve directly on the sha-3 feel and strengthen the salt is almost one by one corresponding relationship, add salt can increase the greater cost;