Reputation: 1037
I was wondering if it is common practice to encrypt a password hash and/or the salt. Does it necessarily make it more secure, or just increase the time it'd take to "guess" the password?
Thanks!
Upvotes: 0
Views: 152
Reputation: 118
It's not common practice to encrypt a salted hash. It may slightly increase security but realistically it's not worth it, since you'd have to manage the key in some way, complicating the whole process. Using a salted hash with a secure hashing algorithm will be fine.
Upvotes: 3
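An added example (not code from any of the answers on this page) of the salted hash described above, next to an optional keyed layer that shows the key-management cost. It assumes PBKDF2-HMAC-SHA256 from Python's standard library, and it uses an HMAC under a server-side key as a stand-in for encryption because the standard library has no cipher; all function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed work factor for this demo; set it as high as login latency allows.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The salt is random per user and stored in the clear."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def wrap(digest: bytes, server_key: bytes) -> bytes:
    """Optional keyed layer: HMAC over the digest (stand-in for encrypting it)."""
    return hmac.new(server_key, digest, hashlib.sha256).digest()


def verify_wrapped(password: str, salt: bytes, stored: bytes, server_key: bytes) -> bool:
    """Verification now depends on the server key as well as the password."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(wrap(candidate, server_key), stored)


if __name__ == "__main__":
    # Constructed sample input.
    salt, digest = hash_password("correct horse battery staple")
    print("plain salted hash verifies:", verify_password("correct horse battery staple", salt, digest))

    key = secrets.token_bytes(32)
    record = wrap(digest, key)
    print("wrapped, right key:", verify_wrapped("correct horse battery staple", salt, record, key))
    # Losing or replacing the key locks out every user, even with the right password.
    print("wrapped, lost key:", verify_wrapped("correct horse battery staple", salt, record, secrets.token_bytes(32)))
```
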
Reputation: 1101
If the hash was produced by a "good" algorithm, then it doesn't make any sense to cipher it, since you would be essentially ciphering something that in theory only the rightful user can generate.
Ciphering the salt doesn't add any kind of real security.
Upvotes: 1
Reputation: 12578
Generally, you don't need to encrypt the hash as long as you use a good cryptographic hash function. As for the salt, salting is best done before encrypting, i.e. the salt does get encrypted. The exception would be a one-time table, in which case you can easily salt afterwards. As for the third question, encryption as a whole is nothing but increasing the time it takes to "guess" the plaintext, the exception again being a one-time table. Now what's your concrete problem? Can you formulate it as a task in some concrete computer language?
Upvotes: 1