Java – Is hashing each letter of a password with MD5 worth it?
Greetings,
I am currently developing a project involving a login system, which I aim to set up as safely as possible.
What I want to ask is whether hashing each element of the password (obtained from the password field) with MD5 is worth it: add a salt to each char element and hash it with MD5. After completion, add all the hash values from each character, then add a separate salt, and then MD5 again?
Is this actually safe, or is it just overkill?
Solution
It's not secure at all because the key space is only 255. Adding a salt to each letter will only add the same salt to the entire string, and may reduce the entropy of the hash rather than increase it.
The correct solution is to use the correct cryptographic hash algorithm (such as bcrypt, scrypt or PBKDF2) and avoid writing your own algorithm.
MD5 (and SHA-1, SHA-2, etc.) are very fast, and it is easy to crack the password anyway.
Edit
Today we saw a good example: iPhone hacker publishes secret Sony PlayStation 3 key
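The two points of the answer above, as an added example that is not part of the original post: the per-character salted MD5 step can only ever produce 256 distinct values per salt, while PBKDF2 from the JDK hashes the whole password with a random per-user salt. The class name, sample salt, sample password and iteration count are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageDemo {
    // Per-character step from the question: MD5(salt + one character).
    static String md5Char(String salt, char c) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest((salt + c).getBytes(StandardCharsets.ISO_8859_1));
        return Base64.getEncoder().encodeToString(d);
    }

    // Recommended alternative: PBKDF2 over the whole password, random per-user salt.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        String salt = "constructed-salt";   // constructed sample value
        String password = "hunter2";        // constructed sample value

        // Every per-character hash is one of at most 256 values, so one small
        // table maps each hash straight back to its character.
        Map<String, Character> table = new HashMap<>();
        for (char c = 0; c < 256; c++) table.put(md5Char(salt, c), c);
        StringBuilder recovered = new StringBuilder();
        for (char c : password.toCharArray()) recovered.append(table.get(md5Char(salt, c)));
        System.out.println("per-character hashes map back to: " + recovered);

        // Store salt, iteration count and hash; verify in constant time.
        byte[] userSalt = new byte[16];
        new SecureRandom().nextBytes(userSalt);
        int iterations = 600_000;           // assumption: tune to your hardware
        byte[] stored = pbkdf2(password.toCharArray(), userSalt, iterations);
        byte[] attempt = pbkdf2("hunter2".toCharArray(), userSalt, iterations);
        System.out.println("login ok: " + MessageDigest.isEqual(stored, attempt));
    }
}
```

Store the salt and iteration count next to the hash so the count can be raised later without invalidating existing accounts.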