Reputation: 12047
Securing Passwords with a Hash
I am reading up on different techniques to secure passwords. I am aware that no matter what precautions you put in place you are in the long run only slowing down a determined hacker. I have looked into the use of bcrypt in PHP and also PBKDF2.
Ignoring how you create your hash for now. Would it be any use if a set of say 4 or more randomly choosen ASCII characters where entered into the hash at predetermined positions. Are there different length hashs? So you could make one type say md5 look like another if you just counted the number of chars?
I understand that this again only slows down someone knows you are doing this and they obtain the positions you are using to place random characters?
Upvotes: 0
Views: 136
Answers (1)
Reputation: 57690
There is no point in placing random character in the hash to make it secure. Because eventually you have to find the actual hash and compare with the generated one that is calcualted from users input.
Better, use a seed for the hash. Suppose hash is a generic function and $seed is a seed you can do this,
$seed = 'a_constant_value';
$seeded_hash = hash( $seed . $password );
If you dont want the seed to be a constant, add another credential from the user to the hash.
$seed = 'a_constant_value';
$user_credential = 'any_data_of_this_user';
$seeded_hash = hash( $seed . $user_credential. $password );
Here make sure this user credential is constant for each user. It can be users birthdate, blood group.
Upvotes: 2
Related Questions
- md5 hashing using password as salt?
- Md5 salt password php
- encrypt and decrypt md5
- php encrypting passwords
- Encrypting the password hash as alternative to pepper
- How can we create a fairly secure password hash in PHP?
- Password hashing methods
- password security in PHP
- PHP Password Hashing
- Securely hash passwords - so much conflicting advice!