Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there any advantage to
sha1(sha1(sha1($password. $salt)));
Basically having multiple sha1 verses just one sha1
sha1($password. $salt);
Do not, I repeat, DO NOT attempt to make your password hash safer by doing “special” things do your hash.
First of all,
sha1(sha1(sha1($input)))only has for side effect to increase the chance of collision* on each iteration. Increasing the chance of collisions is a very bad thing.Instead of trying your hand at do-it-yourself cryptology, why not trust libraries made by actual experts in the field? Use the Portable PHP password hashing framework.
PHPass actually uses bcrypt, which is an algorithm designed to prevent rainbow table, dictionary and brute force attacks. You can initialize it with a number of rounds: the higher the rounds, the longer it takes to compute the hash. That way, you can create stronger hashes if processing power increases.
* The first call to
sha1()takes infinite input and creates one out of2160outputs. The second iteration takes2160inputs and creates one out ofxoutputs, wherex <= 2160. The third iteration takesxinput and creates one out ofyoutputs, wherey <= x <= 2160.Why does each call to
sha1()reduces the amount of possible outputs? Because the algorithm behindsha1()was not designed for one-to-one matching of the hashes. Theoretically, you are bound to have collisions if you were to hash every possible hash.