2

So I know that MD5's are technically a no-no in new applications, but I randomly had a thought of this:

Since

md5($password);

is insecure, wouldn't

md5(md5($password))

be a better alternative? Would it keep getting more secure the more I use it? Say I made a function like this:

function ExtremeEncrypt($password)
{
    // Chain of fast, unsalted hashes, as proposed in the question
    $encryptedpass = md5(sha1(md5(md5($password))));
    return $encryptedpass;
}

Would this function be a good alternative to, say, using a random salt for every account like vBulletin does?

Funk Forty Niner
Swaly
  • 2
    Why not just currently accepted practices instead of making up your own? – John Conde Sep 17 '13 at 13:57
  • you can use some encrypt/ decrypt functions instead of above – vishal shah Sep 17 '13 at 13:59
  • @JohnConde my question is basically the following; will this create a working encryption OR is this not how hashing works – Swaly Sep 17 '13 at 13:59
  • First of all, MD5 and SHA1 are not encryption. They're hashing functions. It's important to understand the distinction. But as @JohnConde said, why not just follow accepted standards and practices instead of messing with stuff that's known to be vulnerable. If it's vulnerable to a single pass MD5 hashing, it's vulnerable to 2, 3, 4, or 5 of them. – Pete Sep 17 '13 at 14:00
  • 1
    This might help you, I used it for my application https://crackstation.net/hashing-security.htm#phpsourcecode – Jason OOO Sep 17 '13 at 14:00
  • @Swaly better use encryption method – vishal shah Sep 17 '13 at 14:00
  • Here is a good read for password hashing in PHP: http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/ – mcryan Sep 17 '13 at 14:05
  • 8
    Do. Not. Roll. Your. Own. Algorithm. – ceejayoz Sep 17 '13 at 14:05
  • 1
    Double-md5 isn't much better than single md5. Wrapping garbage in more garbage doesn't give you something useful - you end up with more garbage. – Marc B Sep 17 '13 at 14:05
  • 1
    +1, since the question is specific and clear, and is difficult to research without asking. Downvotes are for unclear questions, imo. – halfer Sep 17 '13 at 14:08
  • Huh that's weird, thought making my own hashing method would make it more secure as no one knows how the password was hashed and it ends up looking like a plain md5? – Swaly Sep 17 '13 at 14:11
  • http://security.stackexchange.com/a/31846 because this is highly relevant and covers almost everything you need to know. There's a section about "homebrew" hashing. It also explains salt. I say that because I feel you misunderstand the full point of salt, yes it prevents rainbow attacks (which I think is what you're getting at) but it also ensures every user's password is unique so if a hacker does get one user's password, they can't then do a lookup on the hash and find other users with the same password. – Phen Sep 17 '13 at 14:51
  • Two faults: 1) It's fast 2) It isn't salted | Your scheme is similar to a per-application salt, not to a per-user salt. But per-user salts are essential to prevent multi-target attacks. – CodesInChaos Sep 17 '13 at 16:31
  • @Swaly security by obscurity doesn't work so well.......unless you REALLY got a good grip on how to create a solid, more or less bulletproof algorithm from the ground up (i.e. like rewriting md5 algorithm from scratch, but with significantly fewer security holes), it's best not to attempt this. – user2366842 Sep 18 '13 at 15:19

5 Answers

8

Double hashing a string does nothing except limit your key space and make collisions more likely. Please don't do this. Double md5 hashing is actually less secure than a single hash with some attack vectors.

A better option would be to use the password_hash function in PHP 5.5 or ircmaxell's password_compat library for earlier PHP versions.

Orangepill
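
The password_hash approach recommended in this answer, as an added example that is not part of the original answer: registration and login with PHP's built-in API, set beside the chain from the question. The $users array, the helper names (chain_hash, register_user, login) and the sample credentials are constructed for illustration.

```php
<?php
// Added example. $users stands in for a database table; all values are constructed.

// The chain from the question: fast and unsalted.
function chain_hash($password)
{
    return md5(sha1(md5(md5($password))));
}

function register_user(array &$users, $name, $password)
{
    // Each call draws a fresh random salt; algorithm, cost and salt are
    // all encoded in the returned string, so one column stores everything.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, $name, $password)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // Re-hash on successful login if the default algorithm or cost has moved on.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

$users = array();
register_user($users, 'alice', 'hunter2-constructed');
register_user($users, 'bob', 'hunter2-constructed');

// Same password on two accounts: compare what ends up in storage.
echo "password_hash rows identical: ";
var_dump($users['alice'] === $users['bob']);
echo "chain rows identical:         ";
var_dump(chain_hash('hunter2-constructed') === chain_hash('hunter2-constructed'));

echo "login with correct password:  ";
var_dump(login($users, 'alice', 'hunter2-constructed'));
echo "login with wrong password:    ";
var_dump(login($users, 'alice', 'not-the-password'));
```

Identical stored values under the chain are what allow one cracked hash to expose every account sharing that password, the multi-target problem raised in the comments on the question.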
5

First off: hashing and encryption are not the same. A hash is a one-way function, while encryption expects that the data can be decrypted.

You should not try to invent your own solution when it comes to security. In PHP, since version 5.5, there is a native solution called Password Hashing. md5() is insecure and you should be aware of that.

If you have a PHP version below 5.5, you should use a salt to hash & store your passwords.

Alma Do
2

You have lots of answers here and they are accurate but they don't really explain why.

MD5 is a hashing algorithm. What a hashing algorithm does is take a long piece of data and analyse it cryptographically in a way that creates a smaller piece of data. So from ABCDEFGHIJKLMNOPQRSTUVWXYZ with my custom hash algorithm I might create a single digit hash 5.

When that is done, you lose information - ABCDEFGHIJKLMNOPQRSTUVWXYZ contains far more information than 5 and there is no way to make the translation the other way.

The problem with hashing in a way that only allows an outcome of 0-9 (this is effectively a checksum) is that if you take two pieces of text, the chances are quite high that they will have the same hash. So maybe with my algorithm ZZZZZZZZZ will also produce a hash of 5. This is what is termed a Hash Collision.

Now what happens if I take the hash of my hash? Well, my starting point is already very low information - the most it can possibly be is one of ten digits, so the chance of a collision is now exceedingly high. Supposing when my hash algorithm runs on numbers it returns 1 if it is odd and 0 if it is even, so if I have a hash of ABCDEFGHIJKLMNOPQRSTUVWXYZ which comes to 5 then I have a 10% chance of a collision. But if I make a hash of that hash, I will now have a 50% chance of a collision.

The trick of cryptography is hiding information in such an enormous possible space that it is unbelievably hard to find. The more you shrink that possible space, the less well hidden your information is.

glenatron
  • Thanks that makes sense, but just so I get this straight; If there were no Hash Collision, would double/triple hashing make it more secure? – Swaly Sep 17 '13 at 15:03
  • @Swaly Please read this question: [MD5 collision attacks: are they relevant in password hashing?](http://security.stackexchange.com/questions/23116/md5-collision-attacks-are-they-relevant-in-password-hashing). – ComFreek Sep 17 '13 at 15:06
  • @Swaly what I am trying to make clear is that if you are hashing a hash, there will always be hash collisions. You are narrowing down the data available to you so it is mathematically guaranteed that collisions will occur. If there was no hash collision then you would not be doing hashing because to avoid it you would need to have a hash the same size as your data. At that point, you are looking at encryption rather than hashing. – glenatron Sep 17 '13 at 15:21
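
An added illustration of the hash-of-a-hash argument in the answer above, not code from the thread: a toy hash (the first 16 bits of MD5, an assumption chosen so the whole space can be enumerated) is applied repeatedly to every possible value, and the distinct outputs still reachable are counted after each round. The function names are hypothetical.

```php
<?php
// Added example. Toy 16-bit hash: the first 4 hex characters of MD5.
// Truncation is an assumption that makes full enumeration feasible.
function toy_hash($input)
{
    return substr(md5((string) $input), 0, 4);
}

// Start from all 65536 possible 16-bit values and re-hash the surviving
// set each round, recording how many distinct outputs remain.
function distinct_outputs_per_round($rounds)
{
    $values = array();
    for ($i = 0; $i < 65536; $i++) {
        $values[sprintf('%04x', $i)] = true;
    }

    $counts = array();
    for ($round = 1; $round <= $rounds; $round++) {
        $next = array();
        foreach (array_keys($values) as $value) {
            // Two inputs that collide collapse into a single key here.
            $next[toy_hash($value)] = true;
        }
        $values = $next;
        $counts[$round] = count($values);
    }
    return $counts;
}

foreach (distinct_outputs_per_round(5) as $round => $count) {
    printf(
        "after round %d: %5d of 65536 outputs reachable (%.1f%%)\n",
        $round,
        $count,
        100 * $count / 65536
    );
}
```
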
0

Short answer: No.

md5 is easy to break using brute-force. Adding additional layers of hashing only slows down a brute-force attack linearly.

mcrumley
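
The linear slowdown described in this answer, measured in an added example that is not from the original answer: the same guessing loop is timed against a single MD5, the four-layer chain from the question, and bcrypt at two cost settings. The labels, iteration counts and cost values are assumptions chosen for a quick run, and the absolute figures depend on the machine.

```php
<?php
// Added example: how many candidate passwords per second one CPU core
// can push through each scheme. Dedicated cracking hardware is far
// faster on MD5/SHA-1, so the gap shown here understates the difference.
function guesses_per_second(callable $hash, $count)
{
    $start = microtime(true);
    for ($i = 0; $i < $count; $i++) {
        $hash('guess' . $i);
    }
    $elapsed = microtime(true) - $start;
    return $count / max($elapsed, 1e-9);
}

// label => array(hash function, number of guesses to time)
$schemes = array(
    'md5 x1' => array(
        function ($p) { return md5($p); },
        200000,
    ),
    'md5(sha1(md5(md5())))' => array(
        function ($p) { return md5(sha1(md5(md5($p)))); },
        200000,
    ),
    // bcrypt's cost is a power-of-two work factor: each +1 doubles the work.
    'bcrypt cost 10' => array(
        function ($p) { return password_hash($p, PASSWORD_BCRYPT, array('cost' => 10)); },
        5,
    ),
    'bcrypt cost 12' => array(
        function ($p) { return password_hash($p, PASSWORD_BCRYPT, array('cost' => 12)); },
        3,
    ),
);

foreach ($schemes as $label => $scheme) {
    printf("%-24s %14.1f guesses/s\n", $label, guesses_per_second($scheme[0], $scheme[1]));
}
```
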
-3

First of all md5 isn't really encryption, because there isn't a decryption method to it. It's called hashing.

The standard practice is to salt your passwords:

$salt = $user_id; // some random/unique number; people usually use user_id or timestamp
$hashed_password = sha1($salt . $password);

Remember that you need to know the salt, hence usually it means storing it along with the hashed password.

You can have multiple salts, and arrange them however you like.

Populus
  • care to enlighten me on the -1? – Populus Sep 17 '13 at 14:06
  • 1
    SHA-1 shouldn't be used for hashing either. bcrypt would be a good choice. – ComFreek Sep 17 '13 at 14:06
  • sha-1 is secure enough, it's only readily crackable because of dictionary attacks, and those dictionaries have been accumulated over many years, so you can easily defeat it using a non-standard salting method. Related SO question on that: http://stackoverflow.com/questions/2772014/is-sha-1-secure-for-password-storage – Populus Sep 17 '13 at 14:09
  • 2
    Have you read the second or third answer on that page? Two problems: a) SHA-1 can be computed too fast and b) you should definitely use more than one iteration. Please see this question on the SE Security site: http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords – ComFreek Sep 17 '13 at 14:13
  • Ok thanks for info, I know more now, but am unconvinced that sha-1 is insecure as a general purpose password hashing tool when used along with a salt. It may be less secure than bcrypt, but it doesn't mean it's not secure. – Populus Sep 17 '13 at 14:46
  • The more secure, the better. If there's a means to go more secure without a huge performance loss, no reason not to. Granted unless you're actually storing stuff like credit card information and such (which should never be fully end user accessible anyways), sha-1 will likely be enough to keep most people out, but still better not to take that risk given the option. – user2366842 Sep 17 '13 at 14:51
  • It's definitely not as bad as MD5 is, **but** why not use hash algorithms which were especially made for passwords? The PHP password hashing library (mentioned in answer by Orangepill here) uses bcrypt as of PHP 5.5.0. – ComFreek Sep 17 '13 at 14:52
  • Well 1) Not everyone can use PHP5.5, 2) Even 3rd party libraries like `password_compat` may not be allowed. So my answer was the minimum level of security one should achieve. If I wanted to write a super strong hashing scheme, I would do that on a thesis, not SO. – Populus Sep 17 '13 at 14:55
  • `password_compat` is just a single PHP file. If you aren't even allowed to include a PHP file, then you should probably speak to your supervisor. Nobody wants to take a security risk. If you're storing credit card information, you should also **encrypt** the data. – ComFreek Sep 17 '13 at 15:02
  • Yes, if I'm storing credit card information I would encrypt it. Hashing is specifically made to quickly compare whether the data received matches what we have on file, so having some complex hashing scheme is just a fallback to when your entire database is stolen. So yes, sure it's nice to have, but not necessary. – Populus Sep 17 '13 at 15:06