Android
StynuBlizz, 2017-01-25 11:39:13

Is this double salt hashing scheme strong enough?

Application on Android:
The user logs in and the following password data is sent to the server:
(hash (hash password) + (something taken from the password hash as a salt))
On the server:
The server takes this hash and computes the following:
(hash ((hash (hash that came in the request)) + (hash (salt that is in the database))))
Then I check the result against what is in the database.
As a result, a salt is obtained that is not stored anywhere, and in order to crack the password you will need to find out the salt generation algorithm of the Android application. Is it all right? Or is there a hole somewhere?


4 answer(s)
Rsa97, 2017-01-25
@StynuBlizz

Security through obscurity is the worst option. Transmit the password over a secure connection and don't be perverted.
And the hole is that if someone can intercept the password, then he can intercept the hash with the same success, and this will be enough for authentication.
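
The point made in this answer, as an added example that is not code from any poster in the thread: the value the app sends is itself the credential, and the derived "salt" is a fixed function of the password. SHA-256, the 8-byte slice used as the derived salt, PBKDF2-HMAC-SHA256 and its iteration count are assumptions chosen for illustration; the second half assumes the password travels over TLS and is hashed on the server.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    """SHA-256 stands in for the question's unspecified 'hash' (assumption)."""
    return hashlib.sha256(data).digest()

# --- Scheme from the question (salt derivation below is an assumption) ---
def client_token(password: str) -> bytes:
    pw_hash = h(password.encode())
    derived_salt = pw_hash[:8]  # "something taken from the password hash"
    return h(pw_hash + derived_salt)

def server_digest(token: bytes, db_salt: bytes) -> bytes:
    return h(h(token) + h(db_salt))

def legacy_login(token: bytes, db_salt: bytes, stored: bytes) -> bool:
    # The server only ever sees the token, so the token is the credential.
    return hmac.compare_digest(server_digest(token, db_salt), stored)

# --- What the answers recommend: password over TLS, hashing done server-side ---
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def enroll(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)  # random per-user salt, stored beside the hash
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample input
    db_salt = os.urandom(16)
    stored = server_digest(client_token(password), db_salt)
    captured = client_token(password)  # bytes on the wire if TLS is absent
    salt_a, rec_a = enroll(password)
    salt_b, rec_b = enroll(password)
    return {
        "token_depends_only_on_password": captured == client_token(password),
        "captured_token_logs_in": legacy_login(captured, db_salt, stored),
        "random_salt_separates_users": rec_a != rec_b,
        "server_side_verify_ok": verify(password, salt_a, rec_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```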

_ _, 2017-01-25
@AMar4enko

There is no point in this - send the password itself via https and that's it.

Dmitry, 2017-01-25
@dmtrrr

The algorithm for obtaining the salt in the Android application can, if desired, be found.
