HiveBrain v1.2.0
Get Started
← Back to all entries
patternphpMinor

MD5 shuffling with a defined pattern of numbers

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
withnumbersmd5shufflingdefinedpattern

Problem

I've created a MD5 shuffler with a defined number pattern. Does this make sense? Will this make storing passwords more secure? Is it efficient?

";
$md5 = "e2fc714c4727ee9395f324cd2e7f331f";
echo "Old hash: " . $md5 . "";
$hash = str_split($md5, 1);
$shuffle = explode(",", "24,29,21,23,2,30,10,22,6,28,26,11,8,19,9,20,16,3,0,14,18,15,12,25,5,4,31,1,7,27,13,17");
$newhash = "";
for ($i = 0; $i ";
$newhash = str_split($newhash, 1);
$reverse = "";
for ($i = 0; $i ";
echo "";
?>

Solution

Will this make storing passwords more secure?

Using MD5 for passwords is a bad idea, not because of its cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.

I wouldn't even bother creating my own secure hashing functions if I'm not an expert at it. There are libraries out from people who have already done all the hard work for you and have tested them thoroughly for security. PHPass is one of them.

Matter of fact, if you run PHP 5.5 or greater, you can use its native function: password_hash().

Context

StackExchange Code Review Q#61677, answer score: 6

Revisions (0)

No revisions yet.