Ben Mate

Reputation: 45

Hashing multiple values - most secure method?

hash(value1 & value2 & salt)
hash(hash(value1 & value2) & salt)
hash(hash(value1 & value2) & hash(salt))
hash(hash(value1 & salt) & hash(value2 & salt))
hash(hash(value1 & salt1) & hash(value2 & salt2))
hash(value1 & salt1 & value2 & salt2)
hash(value1 & salt1) and hash(value2 & salt2)  '2 separate hashes for each input

In an application where 2 'passwords' are needed to access a specific function (for whatever reason you want) and the salt(s) are large random strings, what would be the best way of getting a final hash to store? (Not necessarily 1 of the above.)

Is it 'better' to have the outside/final hash algorithm different to the inner ones?

Side question: is a salt mainly for making short, crappy user pws more secure from brute force attacks? So if the pw was large (say the ByteArray of an image file) would a salt add any real purpose? Thanks.

Upvotes: 1

Views: 95

Answers (1)

Marcelo Cantos

Reputation: 185962

Assuming & means concatenation, the safest is:

hash(value1 & delim & value2 & delim & salt)

...where delim is a delimiter that cannot appear in any of the other strings. It doesn't matter which order value1, value2 and salt appear in.

The delimiter prevents aliasing, e.g., (value1, value2) = ('fail', 'stone') vs (value1, value2) = ('fails', 'tone').

Upvotes: 2
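
The aliasing described in the answer above, as an added example that is not part of the original post. SHA-256, the NUL delimiter, the function names and the salt value are assumptions chosen for illustration; the length-prefixed variant goes beyond the answer, covering inputs such as raw file bytes where no delimiter can be guaranteed absent.

```python
import hashlib
import struct

DELIM = b"\x00"  # assumed delimiter; must never occur inside a field


def hash_naive(value1: bytes, value2: bytes, salt: bytes) -> str:
    """hash(value1 & value2 & salt): field boundaries are lost."""
    return hashlib.sha256(value1 + value2 + salt).hexdigest()


def hash_delimited(value1: bytes, value2: bytes, salt: bytes) -> str:
    """hash(value1 & delim & value2 & delim & salt), as in the answer."""
    fields = (value1, value2, salt)
    # Enforce the answer's precondition instead of trusting the caller.
    for field in fields:
        if DELIM in field:
            raise ValueError("delimiter occurs inside a field")
    return hashlib.sha256(DELIM.join(fields)).hexdigest()


def hash_length_prefixed(value1: bytes, value2: bytes, salt: bytes) -> str:
    """Generalization for arbitrary bytes: prefix each field with its length."""
    h = hashlib.sha256()
    for field in (value1, value2, salt):
        h.update(struct.pack(">Q", len(field)))  # 8-byte big-endian length
        h.update(field)
    return h.hexdigest()


# Constructed sample inputs: the pairs from the answer plus a made-up salt.
SALT = b"constructed-sample-salt"
PAIR_A = (b"fail", b"stone")
PAIR_B = (b"fails", b"tone")

if __name__ == "__main__":
    schemes = [("naive", hash_naive),
               ("delimited", hash_delimited),
               ("length-prefixed", hash_length_prefixed)]
    for name, fn in schemes:
        collide = fn(*PAIR_A, SALT) == fn(*PAIR_B, SALT)
        print(f"{name:16} aliasing collision: {collide}")
```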
