douzhanjia0773 2012-01-13 03:21
浏览 85
已采纳

散列函数和保持密码保护

I have been wondering a lot about different forms of Hashing and such for passwords. Yes I know about salting and would probably add that to the hash, but this is without any salting. I would probably use a dynamic salting technique.

Aside from all of that I was wondering if it was even logical to do what I show below? 

<?php

$data = "David";
$hash_crc32 = crc32($data);
$hash_md5 = md5($data);
$hash_sha1 = sha1($data);
echo '<br /><br />' .$hash_crc32. '<br /><br />' .$hash_md5. '<br /><br />' .$hash_sha1;

?>

The Echo Outputs the following:

1180170431

464e07afc9e46359fb480839150595c5

d27937f914ebe99ee315f04449678eccfb658191

$hash_crc32_md5 = $hash_md5 + $hash_crc32 + $hash_sha1 . $hash_md5 . $hash_crc32 . $hash_sha1;

<?php echo '<br /><br />' .$hash_crc32_md5; ?>

That Echo Outputs:

5820170431464e07afc9e46359fb480839150595c51180170431d27937f914ebe99ee315f04449678eccfb658191

So do you think it would be an over kill to hash a password like this? Should I just stick to one form of hashing with salting? I know I cannot be the first to think of something like this as it just seems really obvious.

As well how much harder do you think it would be to run across hashing collision, etc. with this form?

Thanks for any responses! :)

  • 写回答

2条回答 默认 最新

  • douciwang6819 2012-01-13 03:29
    关注

    Is it overkill? I can't comment as to that. I will state that it's probably less secure than using only one of the methods (in terms of information theory).

    The reason is that you're actually supplying more information to a prospective hacker by giving the results of multiple hashing algorithms.

    There's nothing at all secretive about the algorithms used in these hashing methods. Hashing removes information by virtue of the fact that, while it's reversible, there are are large number of possible texts that could produce the same hash.

    However, in providing multiple hash outputs, you effectively remove a lot of those possibilities since, for example, the number of texts that can produce a particular MD5 is intersected with those that produce a particular SHAx.

    Think in terms of the MD5 hash you have. Maybe there are a trillion different texts that can produce that value. That's an awfully large search space.

    Now consider the SHAx hash. There may also be a trillion different texts that can produce it. Again a large search space.

    But, if the intersect of those two search spaces is forty-two different texts, that wouldn't take long to crack.

    Cryptography is not for the faint of heart, or for those that haven't got a doctorate in the field :-)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥30 自适应 LMS 算法实现 FIR 最佳维纳滤波器matlab方案
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥15 Python3.5 相关代码写作
  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码
  • ¥15 matlab代码解决,怎么运行
  • ¥15 R语言Rstudio突然无法启动