Posts: 1
Threads: 1
Joined: Apr 2012

		Hi Folks!
I'm thinking about using a software with the following hash-algorithm: sha1(salt+sha1(salt+pass+salt))
I wanted to check if this algorithm is secure.
As far as I can say, no Bruteforce-Software supports such an algorithm, right? So you would say this method is secure?
thanks!

Posts: 100
Threads: 2
Joined: Mar 2012

(04-30-2012, 09:45 PM)matafor Wrote:  Hi Folks!
I'm thinking about using a software with the following hash-algorithm: sha1(salt+sha1(salt+pass+salt))
I wanted to check if this algorithm is secure.
As far as I can say, no Bruteforce-Software supports such an algorithm, right? So you would say this method is secure?
thanks!

No. Especially since you have just posted this, it would be absolutely trivial to add this algorithm to a bruteforcer (or write your own).
Additionally, even if you don't divulge the combination, that doesn't guarantee someone can't figure it out, one way or another.
It may help to keep the script-kiddies out, but nothing is unbreakable.

Posts: 414
Threads: 14
Joined: Mar 2012

A similar algorithm, in fact more secure, is already bruteforceable: sha1($salt.sha1($salt.sha1($pass)))

Posts: 23
Threads: 2
Joined: Mar 2012

04-30-2012, 10:18 PM
(This post was last modified: 04-30-2012, 10:20 PM by james123.)

![[Image: Facepalm-Picard-360x360.jpg]](http://www.technobuffalo.com/wp-content/uploads/2012/01/Facepalm-Picard-360x360.jpg)
Read up on security through minority.
Then, once you have realized how silly it is to try to reinvent the wheel by out-smartening ones designed by cryptography geniuses;
Look at the preexisting algorithms available for you.
More specifically crypt(sha512) or bcrypt().
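
Added example, not part of any post in this thread: it puts the scheme from the question next to a deliberately slow, salted key-derivation function and measures what one password candidate costs under each. Assumptions: the inner SHA-1 digest is hex-encoded, PBKDF2-HMAC-SHA512 from Python's `hashlib` stands in for the crypt(sha512) and bcrypt() options named above, and the iteration count and all function names are illustrative.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def legacy_hash(password, salt):
    """sha1(salt + sha1(salt + pass + salt)), inner digest hex-encoded (assumed)."""
    inner = hashlib.sha1(salt + password + salt).hexdigest().encode()
    return hashlib.sha1(salt + inner).hexdigest()


def kdf_hash(password, salt=None):
    """Slow, salted hash stored as scheme$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS)
    return "pbkdf2-sha512$%d$%s$%s" % (ITERATIONS, salt.hex(), dk.hex())


def kdf_verify(password, stored):
    """Recompute with the stored parameters and compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha512", password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def seconds_per_guess(hash_fn, rounds):
    """Average wall-clock cost of hashing one password candidate."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"candidate-%d" % i)
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many times more expensive one guess is under the KDF."""
    salt = b"constructed-salt"  # constructed sample value
    fast = seconds_per_guess(lambda p: legacy_hash(p, salt), 20000)
    slow = seconds_per_guess(lambda p: kdf_hash(p, salt), 3)
    return slow / fast


if __name__ == "__main__":
    record = kdf_hash(b"correct horse")
    print(record, kdf_verify(b"correct horse", record))
    print("one KDF guess costs about %.0fx one legacy guess" % cost_ratio())
```

Nesting SHA-1 twice adds only one extra fast hash per candidate, while the work factor of the KDF is a parameter that can be raised as hardware gets faster.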
	
 
	
	
	
	
 
 
	
	
	
		
Posts: 2,301
Threads: 11
Joined: Jul 2010

05-01-2012, 01:41 AM
(This post was last modified: 05-01-2012, 01:42 AM by undeath.)