Edit - Stack Overflow

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

PHP encryption method

I have an encryption method that has the following behavior: each character of the password is put through a method that gets the ASCII value of that character and shifts the bytes one way, and then the other way, and returns the following:

$shifted_left.$original_char.$shifted_right.

An example of a password before it is hashed:

àp8Âa0æs9æs9îw;Þo7är9Èd2Îg3Þo7Êe2æs9Ðh4Êe2är9Êe2d2

After this, the resultant string formed from going through each character in the original password is hashed using BCrypt. Does surrounding the passwords with these junk characters improve the strength of the passwords or protect them from being cracked via rainbow tables/dictionary attack?

Answer*

Draft saved

Draft discarded

Edit Summary*

Cancel

True.. but, since the password being hashed isn't actually the password, but the jumbled string, doesn't that mean if they were to attempt a brute force attack, they wouldn't be able to actually crack any of the passwords since the real password isn't stored?

SHH
– SHH

2012年07月12日 07:10:59 +00:00
Commented Jul 12, 2012 at 7:10
When an attacker break in your server (or wherever your code is), he/she know how you build you hash-string. There is no magic, so an attacker can brute-force the hashes very soon...

Ron
– Ron

2012年07月12日 07:16:52 +00:00
Commented Jul 12, 2012 at 7:16
@SHH If they'd attempt to brute-force your data, they'd need to know your particular algorithm anyway. It's not really possible to tell from looking at a hash what algorithm was used. If your database is compromised so that your hashes are leaked, simply assume that the algorithm is leaked with it since the attacker has access to your server.

deceze
– deceze ♦

2012年07月12日 07:21:07 +00:00
Commented Jul 12, 2012 at 7:21

Add a comment |

How to Edit

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

How to Format

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »

How to Tag

A tag is a keyword or label that categorizes your question with other, similar questions. Choose one or more (up to 5) tags that will help answerers to find and interpret your question.

complete the sentence: my question is about...
use tags that describe things or concepts that are essential, not incidental to your question
favor using existing popular tags
read the descriptions that appear below the tag

If your question is primarily about a topic for which you can't find a tag:

combine multiple words into single-words with hyphens (e.g. python-3.x), up to a maximum of 35 characters
creating new tags is a privilege; if you can't yet create a tag you need, then post this question without it, then ask the community to create it for you

popular tags »

lang-php

CollectivesTM on Stack Overflow

PHP encryption method

Answer*