1

Basically, what I'm asking is if salting a password by appending a hashed version of it to the end of it is just as secure as salting with a different string. So:

Is this:

$pass = "pass";
$salt = sha1(md5($pass));
$pass = md5($pass.$salt);

As secure as this?

$pass = "pass";
$salt = "4D9ds*^dkrUI45^#dkd*3fD8&!dlvd*";
$pass = md5($pass.$salt);
BoltClock
  • 700,868
  • 160
  • 1,392
  • 1,356
Thomas
  • 13
  • 2
  • You shouldn’t use a fixed salt or generate the salt from the value that is to be hashed. – Gumbo Dec 20 '10 at 17:11
  • As long as the salt is random for every user I don't see any problem. – Ben Dec 20 '10 at 17:14
  • If the salt is random, then the hash is useless. Might as well write md5(rand()) to the db. – codelark Dec 20 '10 at 17:17
  • 2
    It adds no entropy whatsoever. It would at least handicap rainbow tables, since nobody has prepared for `0123456789..789password`. But as for real security, a clear no. – mario Dec 20 '10 at 17:20

3 Answers3

4

If the salt is based on the value to be hashed, then you lose the value of the salt.

If a password hash salt is based only on the value of the password, then two users using the same password is very visible in the database, for example.

You should instead add a salt on a different determinable value. Common options are fields like the username, email, etc.

codelark
  • 12,254
  • 1
  • 45
  • 49
  • +1 for the same reason. BTW, I really can't see any realistic security concern in using a fixed hash for any other reasons. – cbrandolino Dec 20 '10 at 18:40
3

The first example is as secure as hashing without using any salt at all, because it still just requires the password and nothing more to crack. In other words, you are just applying the hashing functions to the same thing a few times more.

A better bet is still to create a salt for each user and store it alongside, separately. A fixed salt for everyone is alright, I guess, because you cannot use the password to determine the salt. However, generating a unique salt for each user is even better because then it would take more information than just the password to crack it (e.g. username, date registered, or some other info).

BoltClock
  • 700,868
  • 160
  • 1,392
  • 1,356
  • 1
    a 'fixed salt' is not alright, in fact, a 'fixed salt' is called a key. read also: http://stackoverflow.com/questions/1645161/salt-generation-and-open-source-software/1645190#1645190 in summary, use a high entropy random salt. – Jacco Dec 21 '10 at 12:37
2

You shouldn't use md5 anyway as it's been cracked. sha256 is more secure and just as easy to implement. How about using, when storing the data:

$salt = mt_rand();
$pass = hash('sha256',$_POST['userPassword'] . $salt);

Therefore $salt is not based on any user entered data, but random data. You then store $salt in the db as it is, or reverse the string for obfuscation.

JakeParis
  • 11,056
  • 3
  • 42
  • 65