hash(hash()) vs. salted hash

Since the introduction of rainbow tables, using only hashed passwords (e.g. MD5) for passwords stored in a database is not the most secure way.

When people talk about salted hashes, they always use it this way: hash(password . salt) or even hash(hash(password) . salt).

I don't understand why we should use a salt and add an extra entry for each password to store the salt. Why don't we just use hash(hash(password)) or even hash(hash(hash(password)))?

Is it safer to use a salt, or does it just feel more complicated?

+3
8 answers

( (pwd)) , (pwd) ( , ), . , , , .

( ) . , , , .

+23

, .

8 , 100 000 000 . , . " -", 100 000 000 - .

, 4- . 100 000 000 1 000 000 000 000... 10 000 , 3 .

, , , , .

EDIT: , , , 100 000 000 . , . 100 000 000 , , . , . , : , . , .

+12

, , . , , : hash(hash(password)).

, , , . , .

- , . :

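function hashPassword(password, salt) {
    // first round: hash the salt concatenated with the password
    result = hash(salt . password)
    // 1000 further rounds, mixing the salt in again each time
    for (i = 0; i < 1000; i++) {
        result = hash(salt . result)
    }
    return result
}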

1000 . , , - - . 1000- , 100 . 18 , 2000.

, . , .

+6
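The question's hash(hash(password)) next to the salted, iterated scheme from the pseudocode above, as an added example that is not part of any answer on this page. SHA-256, the constructed user list and word list, and the helper names are assumptions; the 1000 rounds follow the pseudocode.

```python
import hashlib
import hmac
import os

ROUNDS = 1000  # iteration count taken from the pseudocode above
WORDLIST = ["123456", "letmein", "hunter2"]  # constructed sample guesses

def double_hash(password: str) -> str:
    """hash(hash(password)) from the question: no salt, same input -> same output."""
    inner = hashlib.sha256(password.encode()).hexdigest()  # SHA-256 is an assumption
    return hashlib.sha256(inner.encode()).hexdigest()

def hash_password(password: str, salt: bytes) -> str:
    """Salted, iterated hash following the pseudocode: hash(salt . result)."""
    result = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(ROUNDS):
        result = hashlib.sha256(salt + result).digest()
    return result.hex()

def pbkdf2_password(password: str, salt: bytes) -> str:
    """The same idea via the standard library's PBKDF2 (named in another answer)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS).hex()

def verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt), stored)

def table_hits(stored_hashes, table) -> int:
    """How many stored hashes a single precomputed lookup table resolves."""
    return sum(1 for h in stored_hashes if h in table)

def demo() -> dict:
    users = {"alice": "letmein", "bob": "letmein", "carol": "hunter2"}  # constructed
    table = {double_hash(w): w for w in WORDLIST}  # computed once, reusable on any dump
    unsalted = {u: double_hash(p) for u, p in users.items()}
    salted = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # per-user random salt, stored next to the hash
        salted[user] = (salt, hash_password(pw, salt))
    return {
        "unsalted_hits": table_hits(unsalted.values(), table),
        "salted_hits": table_hits([h for _, h in salted.values()], table),
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"][1] == salted["bob"][1],
        "alice_verifies": verify("letmein", *salted["alice"]),
    }
```

The 1000 rounds only mirror the pseudocode; production systems use a much higher iteration count.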

. .

, . , , , PBKDF2

, - .

+3

, . , , , , . , , .

0

Rainbow .

0

- , . ( ) . , . , , , , .

0

- . , , .

, , . ( ).

, , -. , .

stackoverflow , . . PHP.

-1

Source: https://habr.com/ru/post/1781109/

