douzhanjia0773 2012-01-13 03:21
浏览 85
已采纳

散列函数和保持密码保护

I have been wondering a lot about different forms of Hashing and such for passwords. Yes I know about salting and would probably add that to the hash, but this is without any salting. I would probably use a dynamic salting technique.

Aside from all of that I was wondering if it was even logical to do what I show below? 

<?php

$data = "David";
$hash_crc32 = crc32($data);
$hash_md5 = md5($data);
$hash_sha1 = sha1($data);
echo '<br /><br />' .$hash_crc32. '<br /><br />' .$hash_md5. '<br /><br />' .$hash_sha1;

?>

The Echo Outputs the following:

1180170431

464e07afc9e46359fb480839150595c5

d27937f914ebe99ee315f04449678eccfb658191

$hash_crc32_md5 = $hash_md5 + $hash_crc32 + $hash_sha1 . $hash_md5 . $hash_crc32 . $hash_sha1;

<?php echo '<br /><br />' .$hash_crc32_md5; ?>

That Echo Outputs:

5820170431464e07afc9e46359fb480839150595c51180170431d27937f914ebe99ee315f04449678eccfb658191

So do you think it would be an over kill to hash a password like this? Should I just stick to one form of hashing with salting? I know I cannot be the first to think of something like this as it just seems really obvious.

As well how much harder do you think it would be to run across hashing collision, etc. with this form?

Thanks for any responses! :)

  • 写回答

2条回答 默认 最新

  • douciwang6819 2012-01-13 03:29
    关注

    Is it overkill? I can't comment as to that. I will state that it's probably less secure than using only one of the methods (in terms of information theory).

    The reason is that you're actually supplying more information to a prospective hacker by giving the results of multiple hashing algorithms.

    There's nothing at all secretive about the algorithms used in these hashing methods. Hashing removes information by virtue of the fact that, while it's reversible, there are are large number of possible texts that could produce the same hash.

    However, in providing multiple hash outputs, you effectively remove a lot of those possibilities since, for example, the number of texts that can produce a particular MD5 is intersected with those that produce a particular SHAx.

    Think in terms of the MD5 hash you have. Maybe there are a trillion different texts that can produce that value. That's an awfully large search space.

    Now consider the SHAx hash. There may also be a trillion different texts that can produce it. Again a large search space.

    But, if the intersect of those two search spaces is forty-two different texts, that wouldn't take long to crack.

    Cryptography is not for the faint of heart, or for those that haven't got a doctorate in the field :-)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler
  • ¥15 oracle集群安装出bug
  • ¥15 关于#python#的问题:自动化测试