3

I have read a lot of answers about this topic like:

None of these seem to talk about hashing multiple times with different salts.

Is this method of hashing:

hash(hash(hash(pass+salt1)+salt2)+salt3)

more secure than:

hash(hash(hash(pass+salt1)+salt1)+salt1)

where salt1,salt2,salt3 are different random salts, and the same hash function is used each time?

xee
  • 33
  • 2
  • 2
    I suggest you re-read the second link you have provided - multiple hashes with distinct salts are effectively how PBKDF2 works. It's not quite the same pattern you have - it's more hash(pass+hash(pass+hash(pass+salt))). – Matthew Dec 07 '15 at 14:46

2 Answers2

8

The three methods you show are all weak; three hash function invocations will not do much good, in a context where salts matter (you use salts because you envision an attacker would could, at some point, get a glimpse of the hash values; and, in that case, you need the function to be a lot slower than that). In any case, homemade assemblies of cryptographic primitives rarely achieve decent security.

To answer your explicit question: the value of salt is that they are not reused. In your first proposal, the "salt" is really the concatenation of three distinct sub-salts (that you call "salt1", "salt2" and "salt3"). In the second proposal, the same mechanism is used, but the three sub-salts are identical, which is a reduction of the space of possible salts. On the one hand, a shorter space increases the probability of reuse. On the other hand, reuse of some of the sub-salts still allows for some shortcuts on the attacker side.

Anyway, it is pretty hard to assess the differences in security of two hashing methods when they are both weak. Do yourself a favour: use a real, decent, well-designed and reviewed password hashing function. In practice, this means bcrypt. And read this answer.

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • I'd say aboth methods are equally weak: there is one password and one salt involved in all of them (accounting for the possibility that salt1 + salt2 + salt3 from #1 equals salt1 from #2). In particular: both have the same entropy to them and using more than 2 hashes never adds security (see HMAC) – marstato Dec 07 '15 at 17:56
0

The point of adding a salt is to prevent any construction of pre-computed tables as well as making the hash different when the same password is used by multiple users.

As long as you're using a large enough salt (128 bits lets say), adding more doesn't increase the security in any meaningful way.

Steve Sether
  • 21,530
  • 8
  • 50
  • 76