4

Possible Duplicate:
Is “double hashing” a password less secure than just hashing it once?

So, I was reading an article on securing PHP websites and they recommended hashing a password multiple times. In fact, this is a direct quote from the article:

md4(md4(md5(sha1(md4(md5(sha1(sha1($_POST['password']))))))));

Now, personally, I generally use a salted SHA-256 hash on my passwords, because I thought that MD4 and MD5 were no longer secure and that hashing a password multiple times would just put too much strain on a server for no practical benefit. Is that correct?

Bhaxy
  • Typically it is recommended to use the HMAC method with a key as well as a salt unique to that user. http://php.net/manual/en/function.hash-hmac.php – dqhendricks Dec 23 '11 at 00:09
  • Usually it bothers me when people flag my question as a possible duplicate, but that link was actually really useful. – Bhaxy Dec 23 '11 at 00:26

3 Answers

2

The direct quote from the article wouldn't work, as there is no md4() function in PHP. And then it wouldn't make sense still.

Normally applying multiple hashing functions wouldn't hurt. But when you go from sha1 to md5 you are losing input range (md5 gives you 128 bit output, but sha1 is 160 bits long). This is rehashing a shortened excerpt, which means the possible output set is never bigger than that of md5().

mario
2

If you don't hash your passwords tens of thousands of times, you don't know what you are doing.

This is computationally expensive; that is the point. For the legitimate purpose of authenticating a user who has the correct password, the load is negligible. But for a cracker who is trying to test a huge list of passwords in an offline attack, the cost is prohibitive.

Using thousands of iterations of a hash function is a well-established and widely used technique for "key strengthening." It is incorporated in standards for key derivation, and used in algorithms like bcrypt for password protection.

Use bcrypt or PBKDF2, which will require you to use salt and iterations. Don't try to make up your own method using a few broken hashes.

erickson
  • Consider rewording this answer. Hashing multiple times actually weakens security when bouncing between two different algorithms (i.e. `md5(sha1(...))`). – FtDRbwLXw6 Dec 23 '11 at 03:27
  • Is there any accepted protocol that bounces between two algorithms like that? – erickson Dec 23 '11 at 06:39
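
The salted, iterated scheme recommended in the answer above, sketched in PHP as an added example (not code from the answer or from the article quoted in the question). The function names, record format, iteration count and bcrypt cost are assumptions chosen for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example: names and parameter values are assumptions, not from the page.
const ALLOWED_ALGOS = ['sha256', 'sha512'];
const ITERATIONS = 100000; // assumed work factor; tune to your own hardware
const SALT_BYTES = 16;
const KEY_BYTES = 32;

// Returns "algo$iterations$salt$hash" so the parameters travel with the record.
function pbkdf2_create(string $password): string
{
    $salt = random_bytes(SALT_BYTES); // unique per user, from the CSPRNG
    $dk = hash_pbkdf2(ALLOWED_ALGOS[0], $password, $salt, ITERATIONS, KEY_BYTES, true);
    return implode('$', [ALLOWED_ALGOS[0], ITERATIONS, base64_encode($salt), base64_encode($dk)]);
}

// Recomputes the derived key from the stored parameters and compares it.
function pbkdf2_verify(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 4) {
        return false; // malformed record
    }
    [$algo, $iter, $saltB64, $hashB64] = $parts;
    $salt = base64_decode($saltB64, true);
    $expected = base64_decode($hashB64, true);
    if (!in_array($algo, ALLOWED_ALGOS, true) || !ctype_digit($iter) || (int) $iter < 1
        || $salt === false || $expected === false || $expected === '') {
        return false; // unknown algorithm or corrupt fields
    }
    $dk = hash_pbkdf2($algo, $password, $salt, (int) $iter, strlen($expected), true);
    return hash_equals($expected, $dk); // constant-time comparison
}

// Constructed sample password, for demonstration only.
$record = pbkdf2_create('correct horse battery staple');
var_dump(pbkdf2_verify('correct horse battery staple', $record));
var_dump(pbkdf2_verify('wrong guess', $record));

// bcrypt through PHP's built-in API: the salt and cost are generated and embedded for you.
$bcrypt = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 12]);
var_dump(password_verify('correct horse battery staple', $bcrypt));
```

Storing the algorithm and iteration count in each record lets the work factor be raised later without invalidating existing hashes.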
1

A bit. If the goal is to actually get the original password, it becomes an impossible task. However, usually it is not, and if you really use md4 for the outermost hash, well.. http://en.wikipedia.org/wiki/MD4#Security

There are many other ways to improve security, the most basic of which is to use some kind of random salt that is not stored along with the password.

a sad dude