
For my Web class project I was told to make a website with login/logout functionality, and one of the things my professors demanded was using hashing algorithms to encrypt the user's password.

Is it smart to use one or more different algorithms to convert my data (in this case a string) before applying the hashing algorithm (e.g. MD5, SHA-1, etc.)?

Pedro Romano Barbosa
  • I'm not sure it's the sort of thing you had in mind, but it's certainly smart to salt the data first, to give just one obvious example. – Jerry Coffin Dec 09 '15 at 20:05

1 Answer

No, it's not.

Short answer, it won't increase security, and will probably only increase the risk of collisions.


Make sure you use an algorithm designed to hash passwords, like PBKDF2 or BCrypt. Hashing algorithms like MD5 and SHA-1 were created to be efficient, not secure, and therefore should never be used to hash passwords.

Also, use a salt to hash the password to prevent preimage attacks.

Justin Lessard
  • I was generally talking. If I use a salt and an algorithm designed for my password, is it safer if I use a self-made encryption algorithm before all that process? – Pedro Romano Barbosa Dec 09 '15 at 20:19
  • No. Modern cryptographic hash functions are already very good. At best, adding your algorithm won't increase security in any way. But there is a good chance doing so will weaken it. – Justin Lessard Dec 09 '15 at 20:22
  • Read [this answer](https://stackoverflow.com/questions/348109/is-double-hashing-a-password-less-secure-than-just-hashing-it-once?rq=1) for more details – Justin Lessard Dec 09 '15 at 20:24