I think all undeath is saying is that there are plenty of other better solutions to your problem on the market in other crypto systems. A very important aspect of security is to not roll your own crypto system, rather to use some pre-vetted system to solve your problem, else you will be giving yourself a false sense of security.
All you are doing is slightly slowing down attack speed by using an obfuscation technique first (which will be discovered quickly) and a non-standard salting format (which some crackers may not like at first). The problem is that these can both be overcome rather easily, even with GPU hashcat, albeit maybe at a slower attack rate. (at worst, the attacker will make custom dictionaries/rule files that prepend the salt and separator, then use standard md5($pass) to attack it with no length exceptions)
The real solution to slowing down attack rate would be to simply use a hashing algorithm that is very costly in system resources. Don't try to hide your crypto system from the attacker, rather flaunt a good one in front of them while they get frustrated and give up because the attack speed makes the fruit hang too high
All you are doing is slightly slowing down attack speed by using an obfuscation technique first (which will be discovered quickly) and a non-standard salting format (which some crackers may not like at first). The problem is that these can both be overcome rather easily, even with GPU hashcat, albeit maybe at a slower attack rate. (at worst, the attacker will make custom dictionaries/rule files that prepend the salt and separator, then use standard md5($pass) to attack it with no length exceptions)
The real solution to slowing down attack rate would be to simply use a hashing algorithm that is very costly in system resources. Don't try to hide your crypto system from the attacker, rather flaunt a good one in front of them while they get frustrated and give up because the attack speed makes the fruit hang too high