CodingForums.com - View Single Post

devinmaking · 01-29-2013, 03:35 PM

Hi guys how are things

Ive recently been thinking of ways to make my passwords a little less hackable.

Ive been thinking of using bcrypt or scrypt but in my way of thinking its not how good the hash encryption algorithm is but how you set your passwords out.

I maybe wrong here as i have only been in this industry for 18 months.

But i was thinking of having a salt password and pepper in sha256 which i know is not the best but still has a 256bit encryption which will slow the hacker down a few seconds lol..

Then i was thinking of cutting the password into 20 and scrambling it.

Like so

PHP Code:


			
$salt     = hash('sha256', '&^RVNH.dsf(&');
$pepper = hash('sha256' , rand(1,9999) . rand('a','z') . rand(1.999));
$passraw = $salt . hash('sha256', $password) . $pepper . '9s8fj2ms';
$p1 = substr($passraw,0,10);
$p2 = substr($passraw,10,10);
$p3 = substr($passraw,20,10);
$p4 = substr($passraw,30,10);
$p5 = substr($passraw,40,10);
$p6 = substr($passraw,50,10);
$p7 = substr($passraw,60,10);
$p8 = substr($passraw,70,10);
$p9 = substr($passraw,80,10);
$p10 = substr($passraw,90,10);
$p11 = substr($passraw,100,10);
$p12 = substr($passraw,110,10);
$p13 = substr($passraw,120,10);
$p14 = substr($passraw,130,10);
$p15 = substr($passraw,140,10);
$p16 = substr($passraw,150,10);
$p17 = substr($passraw,160,10);
$p18 = substr($passraw,170,10);
$p19 = substr($passraw,180,10);
$p20 = substr($passraw,190,10);
    
$passencrypt = $p2 . $p5 . $p19 . $p11 . $p1 . $p15 . $p7 . $p18 . $p3 . $p20 . $p17 . $p16 . $p4 . $p10 . $p8 . $p12 . $p14 . $p9 . $p13 . $p6;

Can someone tell me if this is worth it or am i just playing with stuff that wont make any difference?

Thanks

**EDIT**

For got to mention because the pepper is random, this is stored in a different table within the database to retrieve it when login is in effect.

01-29-2013, 03:35 PM	PM User \| #1
devinmaking Regular Coder Join Date: Oct 2011 Posts: 236 Thanks: 11 Thanked 5 Times in 5 Posts	Is this a good way to hash passwords? Hi guys how are things Ive recently been thinking of ways to make my passwords a little less hackable. Ive been thinking of using bcrypt or scrypt but in my way of thinking its not how good the hash encryption algorithm is but how you set your passwords out. I maybe wrong here as i have only been in this industry for 18 months. But i was thinking of having a salt password and pepper in sha256 which i know is not the best but still has a 256bit encryption which will slow the hacker down a few seconds lol.. Then i was thinking of cutting the password into 20 and scrambling it. Like so PHP Code: $salt = hash('sha256', '&^RVNH.dsf(&'); $pepper = hash('sha256' , rand(1,9999) . rand('a','z') . rand(1.999)); $passraw = $salt . hash('sha256', $password) . $pepper . '9s8fj2ms'; $p1 = substr($passraw,0,10); $p2 = substr($passraw,10,10); $p3 = substr($passraw,20,10); $p4 = substr($passraw,30,10); $p5 = substr($passraw,40,10); $p6 = substr($passraw,50,10); $p7 = substr($passraw,60,10); $p8 = substr($passraw,70,10); $p9 = substr($passraw,80,10); $p10 = substr($passraw,90,10); $p11 = substr($passraw,100,10); $p12 = substr($passraw,110,10); $p13 = substr($passraw,120,10); $p14 = substr($passraw,130,10); $p15 = substr($passraw,140,10); $p16 = substr($passraw,150,10); $p17 = substr($passraw,160,10); $p18 = substr($passraw,170,10); $p19 = substr($passraw,180,10); $p20 = substr($passraw,190,10); $passencrypt = $p2 . $p5 . $p19 . $p11 . $p1 . $p15 . $p7 . $p18 . $p3 . $p20 . $p17 . $p16 . $p4 . $p10 . $p8 . $p12 . $p14 . $p9 . $p13 . $p6; Can someone tell me if this is worth it or am i just playing with stuff that wont make any difference? Thanks EDIT For got to mention because the pepper is random, this is stored in a different table within the database to retrieve it when login is in effect. Last edited by devinmaking; 01-29-2013 at 03:41 PM..