I have an encryption method that has the following behavior:
each character of the password is put through a method that gets the ASCII value of that character and shifts the bytes one way, and then the other way, and returns the following:
$shifted_left.$original_char.$shifted_right.
An example of a password before it is hashed:
àp8Âa0æs9æs9îw;Þo7är9Èd2Îg3Þo7Êe2æs9Ðh4Êe2är9Êe2d2
After this, the resultant string formed from going through each character in the original password is hashed using BCrypt. Does surrounding the passwords with these junk characters improve the strength of the passwords or protect them from being cracked via rainbow tables/dictionary attack?
Generally yes, it does prevent pre-computed rainbow tables, since you have a rather unique algorithm that probably nobody has bothered creating a rainbow table for.
But, the same password still hashes to the same hash. So an attacker trying to brute-force all your password hashes has an easier time because he only needs to crack the same password once for all users.
Therefore, it is still very advisable to use user-specific salts. And if you’re using user-specific salts with an already strong hashing algorithm, it doesn’t really matter whether you also do the bit shifting dance or not.