1

I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I don't understand this at all btw) but I was wondering if you wanted to easily implement a safe system in PHP can you just md5 something twice?

like test > 098f6bcd4621d373cade4e832627b4f6 > fb469d7ef430b0baf0cab6c436e70375

So basically:

```php
$val = 'test';
$val = md5($val);
$val = md5($val);
```

Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

BoltClock
NoviceCoding
  • 1
    Re salt, see here for a nice answer: http://stackoverflow.com/questions/4351702/what-is-salt-when-relating-to-mysql-sha1 – Pekka Dec 27 '10 at 06:47
  • 3
    `hash('sha256', $s);` is available to most developers, so supporting best practice shouldn't be an issue. – zzzzBov Dec 27 '10 at 06:51
  • Try this article for some more insight: http://benlog.com/articles/2008/06/19/dont-hash-secrets/ – deceze Dec 27 '10 at 06:53
  • 2
    Re "noob proof way": No. As long as you don't understand *why* you're doing it you can always screw it up. ;o) – deceze Dec 27 '10 at 06:57
  • See also: http://stackoverflow.com/questions/1191112/password-hashing-salt-and-storage-of-hashed-values - and links in that question - for a discussion of salting – Jonathan Leffler Dec 27 '10 at 07:28
  • Nope, twice isn't enough, but some considerable number, like 1000 would be okay. – Your Common Sense Dec 27 '10 at 07:48

5 Answers

9

Hashing twice makes little real sense and doesn't accomplish much. In general, however, multiple hashing can make some sense. For example, if you hash enough times to take something like 100 ms (or so, depending on hardware) it can help a little. The basic idea of it is pretty simple: adding 100 ms to a normal login is a barely noticeable delay -- but if you're trying to build something like a table for a dictionary attack, multiplying the time by something like a thousand (or whatever exactly it works out to) starts to make a real difference -- a table that you could normally compute in (say) a day, takes a few years instead. That's enough difference that anything but really serious attackers will often give up (or just get bored) long before they finish the job.

Salt is an entirely separate tool. Using it does not make up for weakness in the underlying hash function. The idea here is that the size of a table for a dictionary attack becomes substantially larger (e.g., for a one-byte salt, 256 times larger). The salt is not normally kept secret, but it's relatively random, so an attacker who's doing a dictionary attack can't just hash each word as-is, but has to take each possible salt value into account. At the risk of repetition: it deals with a weakness in how (most) people pick passwords, not any weakness in the hash function itself.

Jerry Coffin
  • ohhhh that makes so much sense man thanks! So salt is basically a value added to all password pre encryption which therefore increases password safety. – NoviceCoding Dec 27 '10 at 07:52
  • @NoviceCoding, for more info on salting read http://stackoverflow.com/questions/1645161/salt-generation-and-open-source-software/1645190#1645190 – Jacco Dec 27 '10 at 09:24
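
The two ideas in the answer above (enough iterations to cost about 100 ms per login, and a random salt stored next to the hash) sketched as an added example that is not part of the original thread. It uses PHP's `hash_pbkdf2()`, `random_bytes()` and `hash_equals()`; the helper names and the `iterations$salt$hash` record format are assumptions made for illustration.

```php
<?php
// Added example: salt + key stretching with PBKDF2-SHA256.
// Helper names and the "iterations$salt$hash" record format are assumptions.

const ALGO = 'sha256';

// Double the iteration count until one derivation costs about $targetMs here.
function calibrate_iterations(float $targetMs = 100.0): int
{
    $iterations = 10000;
    do {
        $iterations *= 2;
        $start = microtime(true);
        hash_pbkdf2(ALGO, 'benchmark', 'benchmark-salt', $iterations, 0, true);
        $elapsedMs = (microtime(true) - $start) * 1000;
    } while ($elapsedMs < $targetMs);
    return $iterations;
}

// The salt is not secret: it is stored in the record next to the hash.
function make_record(string $password, int $iterations): string
{
    $salt = random_bytes(16); // fresh CSPRNG salt for every password
    $hash = hash_pbkdf2(ALGO, $password, $salt, $iterations, 0, true);
    return $iterations . '$' . bin2hex($salt) . '$' . bin2hex($hash);
}

function check_password(string $password, string $record): bool
{
    // Reject malformed records (zero iterations, odd-length or non-hex fields).
    $format = '/^([1-9]\d{0,8})\$((?:[0-9a-f]{2})+)\$((?:[0-9a-f]{2})+)$/';
    if (!preg_match($format, $record, $m)) {
        return false;
    }
    $candidate = hash_pbkdf2(ALGO, $password, hex2bin($m[2]), (int) $m[1], 0, true);
    return hash_equals(hex2bin($m[3]), $candidate); // constant-time comparison
}

$iterations = calibrate_iterations();
$alice = make_record('test', $iterations);
$bob   = make_record('test', $iterations);

var_dump($alice !== $bob);                 // same password, different salts
var_dump(check_password('test', $alice));  // correct password
var_dump(check_password('Test', $alice));  // wrong password
```

PHP's built-in `password_hash()` and `password_verify()` package the same pieces (random salt, tunable cost, self-describing record) into two calls.
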
4

If you don't believe in MD5, you can try a higher algorithm by using the hash() function:

```php
$hash1 = hash('sha1', 'The string to hash by SHA-1');
$hash2 = hash('sha256', 'The string to hash by SHA-256');
$hash3 = hash('sha512', 'The string to hash by SHA-512');
$hash4 = hash('ripemd160', 'The string to hash by RIPEMD-160');
```

In my opinion it does not make sense to hash twice.

EDIT: Fixed typo in last line of code.

  • Whoa didn't know PHP had those functions. Which one would you suggest that would be good but wouldn't be overkill? – NoviceCoding Dec 27 '10 at 06:58
  • I would prefer RIPEMD-160, because it is open source and I think that there are not as many security risks as in SHA-1, but the better the algorithm is, the slower it is... –  Dec 27 '10 at 07:05
  • 1
    @Novice it doesn't really matter. All these algorithms are no better than MD5. Only salting, password hardening and number of repetitions can help you – Your Common Sense Dec 27 '10 at 08:13
  • 3
    sha256 is considerably better than md5 (and sha1 for that matter) sha256 is considered to be a strong algorithm. No matter what algorithm you use, you must include a random salt. – Jacco Dec 27 '10 at 09:18
  • 1
    @Marcel J. Kloubert, All common hashes have their source published. The difference is that RIPEMD-160 is not constrained by any patents; but it has had less scrutiny than for example SHA256. – Jacco Dec 27 '10 at 09:22
  • 1
    @Jacco: All of the SHA algorithms are patent-free and in the public domain. – President James K. Polk Dec 27 '10 at 14:36
3

Whether or not you use the MD5 algorithm...

No, an attacker can always have two rainbow tables (one for the extra level of hashes, and one for the passwords). And from another answer of mine:

[...] it still just requires the password and nothing more to crack. In other words, you are just applying the hashing functions to the same thing a few times more.

You use a salt to make it more difficult for the attacker to get at your passwords, because then he would need to know the salt so that he can use it in computing the hashes for your passwords.

Community
BoltClock
  • 1
    Additionally, you can use different salts for each password. Otherwise, if I can determine what your salt is, I can generate a rainbow table for your entire database. If you use different salts, I can only create a rainbow table for a single password (which isn't useful - I may as well brute force it.) – Thanatos Dec 27 '10 at 07:20
  • So I am getting that the best way to go about this is to generate a random string of digits (salt), add that to password then hash it. Once hashed store the password in the database with the salt. So now my question is are there rainbow tables for the other hash methods marcel mentioned? So would I be better off salting MD5 or just using RipeMD (would probably be easier to implement)? – NoviceCoding Dec 27 '10 at 07:58
  • 1
    @NoviceCoding: Just avoid MD5 for password hashing. – BoltClock Dec 27 '10 at 07:59
1

Storing passwords securely is tricky; most of the advice posted here is not accurate. So I will defer to Thomas Ptacek's widely cited post on the subject: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html

ChrisRohlf
0

For the record, I evaluated that

```php
$val = 'test';
$salt = 'somerandom!!aa##9900';
$val = md5($salt . $val);
$val = md5($val);
```

It's pretty safe. The secret is in the salt.

However, md5 is short so the chances of concurrences are "high" (one in 1.208.925.819.614.629.174.706.176 = 32^16, 32 words with a hexadecimal each one)

magallanes
  • A salt must be stored somewhere, because you need it for the verification; that means it is not a secret anymore. MD5 should not be used, because it is way too fast, you can calculate more than [100Giga MD5 per second](http://stackoverflow.com/a/35254799/575765). On the same page you can see that derivations like double MD5 are often supported out of the box by cracker tools. – martinstoeckli Feb 07 '16 at 20:16