0

I am reading up on different techniques to secure passwords. I am aware that no matter what precautions you put in place you are in the long run only slowing down a determined hacker. I have looked into the use of bcrypt in PHP and also PBKDF2.

Ignoring how you create your hash for now. Would it be any use if a set of say 4 or more randomly choosen ASCII characters where entered into the hash at predetermined positions. Are there different length hashs? So you could make one type say md5 look like another if you just counted the number of chars?

I understand that this again only slows down someone knows you are doing this and they obtain the positions you are using to place random characters?

Somk
  • 11,869
  • 32
  • 97
  • 143
  • 2
    Just a tip; have you tried looking in to [salts](http://en.wikipedia.org/wiki/Salt_%28cryptography%29) – Bono Jun 08 '12 at 14:47
  • Yes I have looked into salts. I also meant to mention them, but as I said ignore how the hash is created I forgot to mention them – Somk Jun 08 '12 at 14:52
  • Im surprised this hasn't been closed. There are already several similar topics on SO. – Josh Jun 08 '12 at 15:06
  • possible duplicate of [Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) – Josh Jun 08 '12 at 15:13

1 Answers1

2

There is no point in placing random character in the hash to make it secure. Because eventually you have to find the actual hash and compare with the generated one that is calcualted from users input.

Better, use a seed for the hash. Suppose hash is a generic function and $seed is a seed you can do this,

$seed = 'a_constant_value';
$seeded_hash = hash( $seed . $password );

If you dont want the seed to be a constant, add another credential from the user to the hash.

$seed = 'a_constant_value';
$user_credential = 'any_data_of_this_user';
$seeded_hash = hash( $seed . $user_credential. $password );

Here make sure this user credential is constant for each user. It can be users birthdate, blood group.

Shiplu Mokaddim
  • 56,364
  • 17
  • 141
  • 187