
Is md5(sha1(pass)) more secure than md5(pass)? For example, in the case of SQLi, when an attacker can't get our hashing schema, a brute-force or dictionary attack would be much less efficient. Am I right, or is it pointless?

Karlo

1 Answer


"MD5(SHA-1(password))" is more secure than "MD5(password)" in the following sense: computing SHA-1 then MD5 on a candidate password takes about 2.5x the time it takes to compute only MD5 on the same password. Thus, it makes naive dictionary attacks 2.5x slower.

It still is pathetically weak, for two reasons:

  • 2.5x slower than a single MD5 is still awfully fast. With some off-the-shelf GPU, any attacker with limited skills and a budget of less than 1000 dollars can still compute MD5(SHA-1(password)) several billion times per second. See this site for benchmarks.

  • Since the scheme is deterministic and depends only on the password (it has no "salt"), several hashes can be attacked in parallel; e.g. with a database of 1000 hashed passwords, the attacker can try to break all 1000 for the computing cost of breaking only one. This can be further optimized with precomputed tables, in particular the much-hyped rainbow tables.

Password hashing is a field in its own right, and Science has progressed way beyond the haphazard nesting of a couple of primitives. See this answer for a primer on how password hashing should be done (at least for now; research is still active in that area).

(And the hope that "attacker can't get our hashing schema" is overoptimistic. Attackers, as a rule, know a lot more about your own system than you do yourself. "Security through Attacker's Incompetence" is a widespread method which has never led to anything but sorrow and much grinding of teeth.)

Tom Leek
  • It seems this was edited, but this is kind of old... But I have a question anyways... I've heard that mixing hashes could actually make the hashing WEAKER than if you just did one hash. I'm not sure if this information is true, but I figured I would ask. – XaolingBao Jun 09 '16 at 16:27
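The two weaknesses the answer lists (a fast, unsalted hash lets one dictionary pass attack every user at once, and the fix is a salted, deliberately slow hash) can be shown in a few lines. The following is an added example, not code from the question or the answer above. The wordlist and the "leaked" password table are constructed sample data; md5_sha1() mirrors what PHP's md5(sha1($pass)) computes (SHA-1 hex string, then MD5 of it); PBKDF2-HMAC-SHA256 stands in for a proper password hash because it ships in Python's standard library, and its iteration count is lowered here so the demo runs quickly.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the original post): a tiny wordlist
# standing in for a real dictionary, and a "leaked" table of user passwords.
DICTIONARY = ["password", "123456", "letmein", "qwerty",
              "dragon", "monkey", "hunter2", "iloveyou"]
LEAKED = ["hunter2", "qwerty", "letmein", "hunter2"]   # shared passwords are common


def md5_sha1(password: str) -> str:
    """The scheme from the question, as PHP's md5(sha1($pass)) computes it:
    SHA-1 hex digest, then MD5 of that hex string. No salt, no work factor."""
    inner = hashlib.sha1(password.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()


def crack_unsalted(target_hashes, dictionary, hash_fn):
    """Dictionary attack on unsalted hashes. Each user's hash is a pure
    function of the password, so one hash per candidate is checked against
    *all* targets at once: work is len(dictionary) regardless of table size."""
    targets = set(target_hashes)
    recovered = {}
    work = 0
    for candidate in dictionary:
        work += 1
        h = hash_fn(candidate)
        if h in targets:
            recovered[h] = candidate
    return recovered, work


def md5_sha1_salted(password: str, salt: bytes) -> str:
    """Same fast primitives, but with a per-user random salt mixed in.
    Each user's hash must now be attacked on its own."""
    inner = hashlib.sha1(salt + password.encode()).digest()
    return hashlib.md5(salt + inner).hexdigest()


def crack_salted(records, dictionary):
    """records: list of (salt, hash). The dictionary is re-hashed under every
    salt, so work grows with len(records) * len(dictionary)."""
    recovered = {}
    work = 0
    for salt, h in records:
        for candidate in dictionary:
            work += 1
            if md5_sha1_salted(candidate, salt) == h:
                recovered[h] = candidate
                break
    return recovered, work


# A proper password hash is salted AND deliberately slow. ITERATIONS is kept
# small for this demo; production values are in the hundreds of thousands
# (raise it until one verification costs tens of milliseconds on your server).
# Memory-hard designs such as scrypt or Argon2 are preferable where available.
ITERATIONS = 20_000


def pbkdf2_record(password: str, salt=None):
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def pbkdf2_verify(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def demo():
    # 1. Unsalted md5(sha1()): one pass over the wordlist recovers every user.
    unsalted = [md5_sha1(p) for p in LEAKED]
    found, work = crack_unsalted(unsalted, DICTIONARY, md5_sha1)
    # 2. Same primitives with a random salt: cost now scales with the user count.
    salted = []
    for p in LEAKED:
        s = secrets.token_bytes(16)
        salted.append((s, md5_sha1_salted(p, s)))
    found_s, work_s = crack_salted(salted, DICTIONARY)
    # 3. Slow hash: every guess costs ITERATIONS HMAC calls instead of one MD5.
    salt, digest = pbkdf2_record("hunter2")
    return {
        "unsalted_recovered": len(found), "unsalted_work": work,
        "salted_recovered": len(found_s), "salted_work": work_s,
        "pbkdf2_ok": pbkdf2_verify("hunter2", salt, digest),
        "pbkdf2_wrong": pbkdf2_verify("hunter3", salt, digest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the point of the answer's second bullet: the unsalted table gives up all three distinct passwords for eight hash computations (the two users sharing "hunter2" are cracked together), while the salted table needs a separate dictionary pass per record, and the slow hash multiplies the cost of each guess by the iteration count on top of that. Nesting MD5 around SHA-1 changes none of this; only the salt and the work factor do.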