I was wondering if it was common practice to salt and hash a password like
E(padding || hash(salt || password))
where || is concatenation, and E uses RSA, for example. First of all, I ask this question for transporting the password database (not for online storage, where the server would have a private key to decrypt the encrypted password at any time).
I know that the cryptographic hash must be irreversible, but a strong offline attack on weak passwords will easily reveal the password. To ultimately decrypt a record in this database, the server will know the padding length and simply strip the padding to reveal hash(salt || password).
This is not a typical problem, but I could not find a link to anyone who correctly transfers a password database and protects it from an offline attack.
Steve
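The scheme in the question, written out as an added example (not code from the original post): salt and hash the password, prepend a fixed-length block of random padding, encrypt with the transport public key, and on the receiving side decrypt and strip the known padding length to recover hash(salt || password). RSA key generation is implemented inline at a toy size so the script runs offline with only the Python standard library; a real transfer would use RSA-OAEP from a vetted library rather than this textbook RSA. The two `offline_guess_*` functions are assumptions added to illustrate the risk the question raises: a bare salted hash of a weak password can be tested guess by guess, and an encrypted record can only be tested by re-encrypting guesses, which fails once the padding is random rather than predictable. All key, salt and password values are constructed for the example.

```python
import hashlib
import os
import random

PAD_LEN = 16                              # bytes of padding prepended before encryption (assumed value)
HASH_LEN = hashlib.sha256().digest_size   # 32 bytes for SHA-256


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test; used only so toy key generation needs no third-party library."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    rng = random.SystemRandom()
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Textbook RSA keypair at toy size. Returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if phi % e == 0:          # need gcd(e, phi) == 1 for d to exist
            continue
        return (p * q, e), (p * q, pow(e, -1, phi))


def salted_hash(salt, password):
    """hash(salt || password) from the question, with SHA-256 as the hash."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def encrypt_hash(pubkey, digest, padding):
    """E(padding || digest): raw RSA over the padded block; the caller supplies the padding."""
    n, e = pubkey
    block = int.from_bytes(padding + digest, "big")
    if block >= n:
        raise ValueError("padded block does not fit under the modulus")
    return pow(block, e, n)


def protect_record(pubkey, salt, password):
    """What the questioner proposes for transport: fresh random padding for every record."""
    return encrypt_hash(pubkey, salted_hash(salt, password), os.urandom(PAD_LEN))


def recover_hash(privkey, ciphertext):
    """Receiving side: decrypt, then strip the known-length padding to get hash(salt || password)."""
    n, d = privkey
    block = pow(ciphertext, d, n).to_bytes(PAD_LEN + HASH_LEN, "big")
    return block[PAD_LEN:]


def offline_guess_hash(salt, stored_hash, candidates):
    """A bare salted hash lets whoever holds the file test each candidate directly."""
    for cand in candidates:
        if salted_hash(salt, cand) == stored_hash:
            return cand
    return None


def offline_guess_ciphertext(pubkey, salt, ciphertext, candidates, padding):
    """Against an encrypted record the only test is to re-encrypt a guess and compare,
    which succeeds only when the padding is predictable, never when it was random."""
    for cand in candidates:
        if encrypt_hash(pubkey, salted_hash(salt, cand), padding) == ciphertext:
            return cand
    return None
```

The point of `offline_guess_ciphertext` is that the padding is doing real work: with a constant padding the public key lets anyone rebuild and compare ciphertexts, so the encryption adds nothing against guessing; with random padding the comparison fails and the holder of the private key is the only party who can get back to the hash.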