There are plenty of questions on this site about hashing passwords. However, none of them quite cover this topic. One of those links covers using multiple different hash algorithms; one covers general hashing, and the other covers how passwords should be transferred. However, I want to know what the security implications are of using one hash function multiple times.
I came across an article a while ago saying that this is not a good idea. However, I want some definitive answers. So, what are the security implications, good or bad, of using a hash system like this:
hash(hash(hash(password) + salt) + pepper)
In other words, hashing the password, then hashing the hash of the password with the salt, then hashing this hash with the pepper.