doudouji2016 2013-02-14 22:08

Is it a good/clever idea to trick a hacker into thinking the encryption is md5 when it isn't?

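$clear_text = "hello";
// Fixed string hashed with SHA-1; its first 12 hex characters serve as the "salt"
$salt_ = sha1("758hF4H7gJi98U6o");
$salt = substr($salt_, 0, 12);
// First 20 hex characters of SHA-512 of the password, with the 12-character salt
// appended: 32 characters in total, the length of an MD5 hex digest
$hash = substr(hash("sha512", $clear_text), 0, 20).$salt;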

As you can see, $hash generates a 32-character string, making it look identical to md5. So a hacker will be trying to decrypt this md5 hash when in fact it is nothing like that! Would this be cunning, and would it be a good idea?

2 answers

  • doulu1544 2013-02-14 22:18

    Don't try to invent your own crypto, use standardized hashing algorithms like bcrypt, scrypt or PBKDF2.

    Please refer to:

    There is a principle in security which is called Kerckhoffs's principle; one of the rules is "It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience". Suppose the attacker has access to your machine and is able to dump your source files as well as your database: it won't take him very long to discover your algorithm.

    Now from there your own rolled algorithm doesn't really provide any additional protection from normal sha512+salt. The speed at which he would be able to attack the hashes would be the same with or without your algorithm. Meaning your scheme is useless once the algorithm has been found.
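
The following is an added example, not part of the original question or answer: it puts the question's scheme next to PHP's built-in `password_hash()` / `password_verify()` with bcrypt, one of the algorithms the answer recommends. The function name `disguised_hash`, the account names and the cost values are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// The question's scheme, unchanged, wrapped in a function (hypothetical name).
function disguised_hash(string $clear_text): string
{
    $salt_ = sha1("758hF4H7gJi98U6o");
    $salt  = substr($salt_, 0, 12);
    return substr(hash("sha512", $clear_text), 0, 20) . $salt;
}

// Constructed sample data: two accounts that happen to share a password.
$users = ['alice' => 'hello', 'bob' => 'hello'];
$old = $new = [];

foreach ($users as $name => $password) {
    $old[$name] = disguised_hash($password);
    // bcrypt through PHP's own API: random salt per hash, tunable cost.
    $new[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Disguised scheme: the "salt" is only appended, never hashed with the
// password, so equal passwords give equal rows and every row ends in the
// same 12 constant characters.
var_dump($old['alice'] === $old['bob']);
var_dump(substr($old['alice'], 20) === substr(sha1("758hF4H7gJi98U6o"), 0, 12));

// bcrypt: equal passwords give different stored strings that still verify.
var_dump($new['alice'] === $new['bob']);
var_dump(password_verify('hello', $new['alice']));
var_dump(password_verify('hello', $new['bob']));

// Cost of one evaluation. Once the code is known, this is what bounds the
// guessing rate, and only the bcrypt cost parameter lets you raise it.
$t = hrtime(true);
disguised_hash('hello');
$fast = hrtime(true) - $t;

$t = hrtime(true);
password_verify('hello', $new['alice']);
$slow = hrtime(true) - $t;

printf("disguised sha512: %.3f ms, bcrypt cost 12: %.3f ms\n", $fast / 1e6, $slow / 1e6);

// Raising the cost later: detect old hashes and rehash at the next login.
var_dump(password_needs_rehash($new['alice'], PASSWORD_BCRYPT, ['cost' => 13]));
```

The timing line is the practical form of the answer's point: the disguise changes how the stored value looks, not how much work each guess costs.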
