patternphpMinor
MD5 shuffling with a defined pattern of numbers
Viewed 0 times
withnumbersmd5shufflingdefinedpattern
Problem
I've created a MD5 shuffler with a defined number pattern. Does this make sense? Will this make storing passwords more secure? Is it efficient?
";
$md5 = "e2fc714c4727ee9395f324cd2e7f331f";
echo "Old hash: " . $md5 . "";
$hash = str_split($md5, 1);
$shuffle = explode(",", "24,29,21,23,2,30,10,22,6,28,26,11,8,19,9,20,16,3,0,14,18,15,12,25,5,4,31,1,7,27,13,17");
$newhash = "";
for ($i = 0; $i ";
$newhash = str_split($newhash, 1);
$reverse = "";
for ($i = 0; $i ";
echo "";
?>Solution
Will this make storing passwords more secure?
Using MD5 for passwords is a bad idea, not because of its cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.
I wouldn't even bother creating my own secure hashing functions if I'm not an expert at it. There are libraries out from people who have already done all the hard work for you and have tested them thoroughly for security. PHPass is one of them.
Matter of fact, if you run PHP 5.5 or greater, you can use its native function:
Using MD5 for passwords is a bad idea, not because of its cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.
I wouldn't even bother creating my own secure hashing functions if I'm not an expert at it. There are libraries out from people who have already done all the hard work for you and have tested them thoroughly for security. PHPass is one of them.
Matter of fact, if you run PHP 5.5 or greater, you can use its native function:
password_hash().Context
StackExchange Code Review Q#61677, answer score: 6
Revisions (0)
No revisions yet.