Password hashing: is this a way to avoid collisions?

I was thinking about using 2 keys to hash each user password, getting 2 different hashes. So it would be (almost?) impossible to find a password that works besides the actual password.

Is it right? Is it worth it?

+3
3 answers

An important rule to learn is "never try to invent your own cryptography." In the best case, you are simply wasting your time, and in the worst case, you are presenting security holes.

If you do not know if you are an exception to this rule, you are not an exception to this rule.

, . (SHA-256 - ) .

+7

SHA256 . , .

+6

You can use a long hash. SHA-512, for example, is 512 bits, and (assuming it is homogeneous) is far, far less likely to collide than SHA-256. But personally, I would not worry about that. Most passwords themselves are less than 32 bytes (256 bits) and therefore should have an extremely low chance of collision with SHA-256.

+5
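
As an added example (not part of any answer above), this Python sketch measures collisions in deliberately shortened hashes to show that storing two keyed hashes of b bits each collides about as often as one hash of 2b bits, then evaluates the birthday bound at the full SHA-256 and SHA-512 sizes. Reading "2 keys" as two HMAC-SHA256 keys is an assumption, as are the key values, the function names and the dummy passwords.

```python
import hashlib
import hmac
import math
from collections import Counter

def birthday_probability(n, bits):
    """Chance that any two of n distinct inputs share an ideal `bits`-bit hash."""
    expected_pairs = n * (n - 1) // 2 / 2 ** bits
    return -math.expm1(-expected_pairs)  # expm1 stays accurate for tiny values

def top_bits(digest, bits):
    """Keep the leading `bits` bits of a digest, to shrink the output space."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)

def single_hash(password, bits):
    """One unkeyed SHA-256, shortened to `bits` bits."""
    return top_bits(hashlib.sha256(password).digest(), bits)

def two_key_hash(password, bits, key1=b"constructed-key-1", key2=b"constructed-key-2"):
    """The question's idea (assumed reading): two keyed hashes of bits/2 each, both stored."""
    half = bits // 2
    return (top_bits(hmac.new(key1, password, hashlib.sha256).digest(), half),
            top_bits(hmac.new(key2, password, hashlib.sha256).digest(), half))

def colliding_pairs(hash_fn, passwords, bits):
    """Count pairs of distinct passwords that produce the same stored value."""
    counts = Counter(hash_fn(p, bits) for p in passwords)
    return sum(c * (c - 1) // 2 for c in counts.values())

# Constructed sample input: 2000 distinct dummy passwords.
PASSWORDS = [b"pw-%d" % i for i in range(2000)]

if __name__ == "__main__":
    n = len(PASSWORDS)
    print("expected pairs at 16 bits:", n * (n - 1) / 2 / 2 ** 16)
    print("one 16-bit hash:          ", colliding_pairs(single_hash, PASSWORDS, 16))
    print("two 8-bit keyed hashes:   ", colliding_pairs(two_key_hash, PASSWORDS, 16))
    print("one 8-bit hash:           ", colliding_pairs(single_hash, PASSWORDS, 8))
    for bits in (256, 512):
        print(bits, "bits, 1e9 passwords:", birthday_probability(10 ** 9, bits))
```

The two 16-bit results land near the same expected value, so the two-key construction buys what a longer single hash buys; at 256 bits the bound is already vanishingly small even for a billion passwords.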