unbruteforceabe hash?
#1
Hi Folks!

I'm thinking about using a software with the following hash-algorithm: sha1(salt+sha1(salt+pass+salt))

I wanted to check if this algorithm is secure.

As far as I can say, no Bruteforce-Software supports such a algorithm, right? So you would say this method is secure?

thanks!
#2
(04-30-2012, 09:45 PM)matafor Wrote: Hi Folks!

I'm thinking about using a software with the following hash-algorithm: sha1(salt+sha1(salt+pass+salt))

I wanted to check if this algorithm is secure.

As far as I can say, no Bruteforce-Software supports such a algorithm, right? So you would say this method is secure?

thanks!


No. especially since you have just posted this, it would be absolutely trivial to add this algorithm to a bruteforcer (or write your own).

Additionally, even if you don't divulge the combination, that doesn't guarantee someone can't figure it out, one way or another.

It may help to keep the script-kiddies out, but nothing is unbreakable.
#3
a similar algorithm, in fact more secure is already bruteforceable :: sha1($salt.sha1($salt.sha1($pass)))
#4
[Image: Facepalm-Picard-360x360.jpg]


Read up on security through minority.

Then, once you have realized how silly it is to try to reinvent the wheel by out-smartening ones designed by cryptography geniuses;

Look at the preexisting algorithms available for you.

More specifically crypt(sha512) or bcrypt().
#5
see here: https://hashcat.net/forum/thread-1066.html