[RESOLVED] Double Hashing

Neville1985

This is probably a stupid question but I will ask it any for clarity.

Mission statement: A secure auth controller

I have code but its unfinnished so I will not post it. Although is there any point in what I call "double" hashing.

For example, using a sha1 encryption then md5 over that, with a salt.

$userpass = md5(sha1($pass . $salt));

is there any point in doing that or is the concept redundent?

johanafm

There is no point. You just end up hurting security. Do use salt though. And if the above aren't enough for you, you could use SSH2 instead, e.g. with mhsash(MHASH_SHA256, ...).

Neville1985

johanafm;10931416 wrote:
There is no point. You just end up hurting security. Do use salt though. And if the above aren't enough for you, you could use SSH2 instead, e.g. with mhsash(MHASH_SHA256, ...).

Thanks mate, appreciate the advice.