-1
So you are tasked with creating an open source password authentication system but you want to reveal as little about the implementation of the hash function as possible. Can you write a function that takes in a password string and a salt string and outputs a salted hash string without revealing the hashing function?
End date: 6th of July
Popularity contest: So whoever is voted as hardest to figure out the hashing method.
Restriction: Must use an accepted as secure hashing function
What do you mean "without revealing the salt"? So you mean that the salt should be static and hard-coded, or that it should be dynamic - in which case you'd get a different response every time you called the function – James_pic – 2014-06-24T15:55:37.447
6This question makes no sense. The salt should be an input. – Peter Taylor – 2014-06-24T15:55:41.443
@PeterTaylor Didn't think about that correctly. Yeah the salt string is an input – ford prefect – 2014-06-24T17:32:55.937
"without revealing" is this a [tag:obfuscation] (make code as unreadable as possible) or [tag:underhanded] (make code look as if it does something else)? – None – 2014-06-24T19:22:45.257
@professorfish obfuscation (for security)... I thought this would be an interesting question. I am new to golfing – ford prefect – 2014-06-24T19:24:12.513
2@inquisitiveIdiot Security through obscurity? I'm sure that'll work out just great... – ɐɔıʇǝɥʇuʎs – 2014-06-24T19:25:12.393
@ɐɔıʇǝɥʇuʎs if you're gonna open source an authentication then your security is limited either way – ford prefect – 2014-06-24T19:25:56.847
Because the salt is an input, it is not hidden. I suggest to delete the requirements about hiding the salt. Delete "either the salt or". Then in "figure out the hashing method and salt", delete "and salt". – kernigh – 2014-06-24T19:58:39.367
@kernigh fair point – ford prefect – 2014-06-24T20:14:05.390
1@inquisitiveIdiot I disagree on your open source standpoint; making something like RSA public only makes it more secure as the public can scrutinize it – qwr – 2014-06-25T09:30:37.823
None of the functions mentioned in answers so far are secure password hashing functions. Secure password hashing functions must be slow.
– Gilles 'SO- stop being evil' – 2014-08-26T18:01:17.353The assertions that “if you're gonna open source an authentication then your security is limited either way” and “obfuscation (for security)” are utterly ludicrous. All you'd be hiding is your incompetence, and it's easily revealed (and so are your users' passwords). – Gilles 'SO- stop being evil' – 2014-08-26T18:02:52.893