Is this double salt hashing scheme strong enough?
Application on Android:
The user logs in and the following password data is sent to the server:
(hash (hash password) + (something taken from the password hash as a salt))
On the server:
We receive this hash and do the following:
(hash ((hash (hash came in the request)) + (hash (salt that is in the database))))
Then I compare what came out with what is in the database.
As a result, a salt is obtained that is not stored anywhere, and in order to crack the password you would need to find out the salt generation algorithm of the Android application. Is this all right, or is there a hole somewhere?
Security through obscurity is the worst option. Transmit the password over a secure connection and don't overcomplicate things.
And the hole is that if someone can intercept the password, then he can intercept the hash just as easily, and that will be enough for authentication.
There is no point in this: send the password itself via HTTPS and that's it.
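The objection in the answers can be made concrete with a small Python reconstruction of the scheme from the question next to the alternative the answers recommend. This is an added example, not code from the asker or from any of the answerers; it assumes SHA-256 as the hash, that "something taken from the password hash as a salt" means the first 8 hex digits of that hash, and a constructed per-user database salt. The point it shows is that the value the client sends is a static credential: the server's check needs only that value, so whoever observes it can log in without ever learning the password. The hardened half stores a randomly salted scrypt hash of the password itself, which only works if the password travels inside TLS, as the answers say.

```python
"""Constructed illustration of the double-hash scheme from the question and of the
answers' objection: the value the client sends is itself a reusable credential."""
import hashlib
import hmac
import os

# --- Scheme as described in the question (reconstruction; the hash function, the way the
#     salt is "taken from the password hash" and the DB salt are all assumptions) ---

def client_token(password: str) -> str:
    """hash(hash(password) + salt), where the salt is taken from the password hash itself.
    Assumption: the salt is the first 8 hex digits of hash(password)."""
    inner = hashlib.sha256(password.encode()).hexdigest()
    embedded_salt = inner[:8]          # derived from the password, so it adds no secret
    return hashlib.sha256((inner + embedded_salt).encode()).hexdigest()

def server_digest(token: str, db_salt: str) -> str:
    """hash(hash(token) + hash(db_salt)), as the server computes it on every request."""
    h_token = hashlib.sha256(token.encode()).hexdigest()
    h_salt = hashlib.sha256(db_salt.encode()).hexdigest()
    return hashlib.sha256((h_token + h_salt).encode()).hexdigest()

def weak_register(password: str, db_salt: str) -> str:
    """What the database must hold for the server check to succeed."""
    return server_digest(client_token(password), db_salt)

def weak_login(token: str, stored: str, db_salt: str) -> bool:
    """Server-side check. Only the token is needed; the password itself never appears."""
    return hmac.compare_digest(server_digest(token, db_salt), stored)

# --- Alternative the answers point to: send the password over TLS and store a slow,
#     randomly salted hash on the server (scrypt from the standard library) ---

_SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)   # 16 MiB of memory per guess

def strong_register(password: str):
    """Returns (salt, digest); the salt is random and stored next to the digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **_SCRYPT)
    return salt, digest

def strong_login(password: str, record) -> bool:
    salt, digest = record
    candidate = hashlib.scrypt(password.encode(), salt=salt, **_SCRYPT)
    return hmac.compare_digest(candidate, digest)

def replay_demo() -> dict:
    """Compares what an observer of the wire can do under each scheme."""
    password = "correct horse"                 # constructed sample password
    db_salt = "per-user-salt-in-db"            # constructed sample DB salt
    stored = weak_register(password, db_salt)
    observed = client_token(password)          # what crosses the wire in the question's scheme
    # The observed token alone passes the check: it is password-equivalent.
    weak_replay = weak_login(observed, stored, db_salt)

    record = strong_register(password)
    # With the hardened scheme the stored record is not a credential: presenting it in
    # place of the password fails, and the wire only ever carries the password inside TLS.
    record_as_password = strong_login(record[1].hex(), record)
    return {
        "weak_replay_succeeds": weak_replay,
        "strong_correct_password": strong_login(password, record),
        "strong_wrong_password": strong_login(password + " battery", record),
        "strong_record_as_password": record_as_password,
    }

if __name__ == "__main__":
    for name, outcome in replay_demo().items():
        print(f"{name}: {outcome}")
```

Two things follow from running it: the extra client-side hashing buys nothing against interception, because `weak_login` accepts the intercepted token directly; and the "salt that is not stored anywhere" is a function of the password, so it is not a secret at all once the client code is read. Both are exactly the answers' point.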