0

For my Web class project I was told to make a website with login/logout functionality and one of the things my professors demanded was using hashing algorithms to encrypt the users password.

Is it smart to do 1 or more different algorithms to convert my data(in this case a string) before doing the hashing algorithm(ex: MD5, SHA-1,etc)?

Improve this question
1
  • I'm not sure it's the sort of thing you had in mind, but it's certainly smart to salt the data first, to give just one obvious example. Commented Dec 9, 2015 at 20:05

1 Answer 1

Reset to default
1

No it's not.

Short answer, it won't increase security, and will probably only increase the risk of collisions.

Make sure you use an algorithm designed to hash password like PBKDF2 or BCrypt. Hashing algorithm like MD5 and SHA-1 were created to be efficient, not secure and therefore should never be used to hash password.

Also, use a salt to hash to password to prevent preimage attacks.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I was generally talking. If I use a salt and an algorithm designed for my password is it safer if I use a self-made encryption algorithm before all that process?
No. Modern cryptographic hash function are already very good. At best, adding your algorithm won't increase security in any way. But there is a good chance doing so will weaken it.
Read this answer for more details

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.