Is “double hashing” a password less secure than just hashing it once?

梦谈多话 2020-11-22 08:09

Is hashing a password twice before storage any more or less secure than just hashing it once?

What I'm talking about is doing this:

$hashed_password         


        
16 answers
  •  借酒劲吻你
    2020-11-22 08:49

    Yes, re-hashing reduces the search space, but no, it doesn't matter - the effective reduction is insignificant.

    Re-hashing increases the time it takes to brute-force, but doing so only twice is also suboptimal.

    What you really want is to hash the password with PBKDF2 - a proven method of using a secure hash with salt and iterations. Check out this SO response.

    EDIT: I almost forgot - DON'T USE MD5!!!! Use a modern cryptographic hash such as the SHA-2 family (SHA-256, SHA-384, and SHA-512).
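
The salted, iterated PBKDF2 storage that the answer above recommends, as an added example that is not part of the original answer. The record format, constants and function names are assumptions made for illustration, and the iteration count is an assumed work factor to be tuned per deployment.

```python
import base64
import hashlib
import hmac
import os

ALGO = "sha256"        # SHA-2 family, as the answer recommends
ITERATIONS = 600_000   # assumed work factor, not from the page; tune to your hardware
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$hash (constructed format)."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = _derive(password, salt, iterations)
    fields = ["pbkdf2_" + ALGO, str(iterations),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(digest).decode("ascii")]
    return "$".join(fields)


def _parse(record: str):
    scheme, iterations, salt, digest = record.split("$")
    if scheme != "pbkdf2_" + ALGO or int(iterations) < 1:
        raise ValueError("unsupported or malformed record")
    return (int(iterations),
            base64.b64decode(salt, validate=True),
            base64.b64decode(digest, validate=True))


def verify_password(password: str, record: str) -> bool:
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:  # malformed or unknown record: reject instead of crashing
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a stored record is weaker than the current target and should be upgraded at next login."""
    try:
        return _parse(record)[0] < target
    except ValueError:
        return True
```

Storing the iteration count in the record lets the work factor be raised later without invalidating existing accounts.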
