发表新帖
发表新帖

md5 hashing using password as salt?

前端 未结
关注
6 852
忘掉有多难
忘掉有多难 2020-12-13 16:17 
md5($password.md5($password))

is this good enough for password hashing? I am not asking for comparing this to something like bcrypt.

if it

6条回答
  • 一向
    一向 (楼主)
    2020-12-13 16:52

    The reason why random password salt is recommended for hashing password, so that an attacker who knows the password hash can't compare it to rainbow table of pre-calculated hashed from dictionary.

    If you're using password as salt, attacker can pre-calculate hashes of $word.md5($word) first from their dictionary

    0 讨论(0)
 看不清?
提交回复
热议问题