Lets say I have a system in which I save the user's passwords using SHA-2. Now I was just wondering would it be a good approach if I take the MD5 hash of the password and then compute SHA-2 for the resultant MD5 hash? Are there any chances of duplications?
-
My question; why? – Adam Sitemap Oct 25 '16 at 10:00
-
4Possible duplicate of [Why is hashing a password with multiple hash functions useless?](http://security.stackexchange.com/questions/131527/why-is-hashing-a-password-with-multiple-hash-functions-useless) and [Why improvising your own Hash function out of existing hash functions is so bad](https://security.stackexchange.com/questions/33531/why-improvising-your-own-hash-function-out-of-existing-hash-functions-is-so-bad?rq=1) – Steffen Ullrich Oct 25 '16 at 10:01
-
@AdamSitemap because lets say if someone has a list of hashes for all the dictionary keywords. and any of my password is from the dictionary then they can easily find the password. guide me if I am wrong. – Umair Afzal Oct 25 '16 at 10:10
-
1Here you have a good answer: http://stackoverflow.com/a/348140/3623003 – Vini7 Oct 25 '16 at 10:33
-
1@UmairAfzal I can see where you are coming from but it is easy for the bad people to mitigate. The standard way of doing what you want is using a salt (see my answer below) say you have 3 users, 2 users use "abc" as their password and the other uses "abcd". the bad people use a bruit force (a, b,c...aa,ab,ac) so with SHA-2->MD5 they know 2 uesers use the same password, then calculate a to abc and find their first 2 passwords and carry on to abcd and find the 3rd. 1/2 – Topher Brink Oct 25 '16 at 10:36
-
with salt+password -> any hash function you would have the hashes for 2b/UX?abc, Vu}6PJabc and M8sg'Babcd but they know the first 6 characters so they start with 2b/UX?a and carry on to 2b/UX?abc and find one password they then have to start again from Vu}6PJa to Vu}6PJabc to find the second then they have to start again from M8sg'Ba to M8sg'Babcd to get the 3rd, can you see how making the password different but telling anyone that looks how its different still makes finding the password a lot more difficult? 2/2 – Topher Brink Oct 25 '16 at 10:42
2 Answers
There is always a chances of duplication's but most of the time the chance is fairly low (but higher than you would think, look at the birthday 'paradox')
Hashing twice will not give huge amounts of extra security, it is the security of hash 1 + security of hash 2.
To increase the security of password hashes you should salt them, this is give each password an individual random string to be appended to the password each time it is hashed, this will remove the threat of a pre-calculated table (rainbow table) revealing the passwords.
As mentioned in the security now podcast, there is nothing wrong with hashing passwords multiple times, actually it is encouraged because if you want to change the hash that your passwords are encrypted with, you dont have to wait for the password to be entered again to hash it with the new hash, you can hash all the old hashes with the new hash. This gives everyone the security of the new hash immediately.
I would also like to point out that MD5 and SHA-2 are bad hash functions for passwords. Password hash functions should be 'slow' and MD5 was designed to be fast (I don't know about SHA-2), you should use functions like Argon2, bcrypt, scrypt, or PBKDF2 which are really hard to speed up.
- 1,629
- 11
- 13
-
"his is give each password an individual random string to be appended to the password each time it is hashed" So if the string we are adding is random Then how are we going to remove it ? – Umair Afzal Oct 25 '16 at 10:07
-
1you dont, your store it with the hash, then when the user enters their password you append their input with your salt, put the result through the hash function which should match the hash you have stored if the user input is the same both times – Topher Brink Oct 25 '16 at 10:09
-
I don't see anyone explaining the downvotes: you are suggesting various ways of re-inventing bcrypt (or scrypt or pbkdf2 or whichever flavor you like). Use one of those, not something self-invented. See: [How to securely hash passwords?](http://security.stackexchange.com/q/211/10863) – Luc Oct 25 '16 at 12:17
It will not have any benefit, as the purpose of hashing is to map data of arbitrary size to data of fixed size uniquely and irreversibly
PROBLEM WITH MD5 BEFORE SHA2
There are a lot of examples of MD5 collisions so your two pieces of data, s1 and s2, may lead to the same MD5 hash, which can lead to the same SHA-2 output.
I don't think this is what you want.
- 3,977
- 3
- 14
- 25
- 660
- 3
- 20