-1

From what I know there is a method called salt added to hashes in order to prevent attackers from using pre-computed hashes.

As long as the attacker can find a static salt in reverse hashing and do a collision attack how secure is the algorithm bellow:

hash1 = md5(password)
hash2 = md5(reverse(password))
md5(hash1 + hash2)
schroeder
  • 123,438
  • 55
  • 284
  • 319
Heartagramir
  • 113
  • 2
  • 1
    MD5 is broken. There are far better algorithms for password hashing. I don't understand why there are still people who even consider using MD5. – Philipp Dec 12 '15 at 19:51
  • 1
    what if my password is 123racecar321 –  Dec 12 '15 at 20:16

2 Answers2

5

The reason for using salted hashes has nothing to do with making collision attacks more difficult. The reason for using salted hashes is to make it more difficult to use rainbow tables to reverse the hash. See Why are salted hashes more secure for password storage? for more info.

Community
  • 1
mti2935
  • 19,868
  • 2
  • 45
  • 64
  • That's not the point thanks for the information though... I didn't knew what they call the attack... from where I read it said collision attacks... – Heartagramir Dec 12 '15 at 18:47
  • MD5 should not be used anymore, collissions for MD5 can be created and it is to weak / fast. – Daniel Ruf Dec 12 '15 at 19:11
  • 1
    @DanielRuf MD5 should not be used as it is too fast, you are correct. Collisions, however, are completely irrelevant to password hashing. – Xander Dec 12 '15 at 19:14
3

Your approach does not deal with pre-computed hashes and rainbow tables. Knowing your hashing scheme, I can pre-compute password lists, although your approach makes the process slower.

The purpose of the salt is to make each hash secure on its own, even if the hashing algorithm is known.

schroeder
  • 123,438
  • 55
  • 284
  • 319