Password Hashing Technique - Programmers Heaven

Password Hashing Technique

EmotionalNinja Posts: 2 Member
I know it's a good practice to salt and pepper passwords when storing them in a database, as well as hashing them several times. However, tonight I was thinking about a different way to store passwords in a database.

Basically it just takes a random number; in the case of the example it's between 10,000 and 20,000. It then hashes the password based on the random number that is generated and then it would store the password AND the random number in the database.

I didn't add any salt or pepper to the password since this is really just added security, but would this be an effective measure? I know that if a hacker got into the database they could see how many times the password is hashed, but they would have to hash their library based on the original number that was created at registration.

Or when storing the number in the database you could add a number to the random number and at login you could subtract that same number so the actual number of hashes isn't stored in the database.

Anyway I'm just looking for some input on this idea, code example below.

<?php
// Number of hash rounds, chosen at random at registration.
$hashed = rand(10000, 20000);
$password = "SomeRandomPassword";
$hashedPassword = $password;
// Apply SHA-256 exactly $hashed times, so the stored number matches the rounds.
for ($i = 0; $i < $hashed; $i++)
{
    $hashedPassword = hash('sha256', $hashedPassword);
}
/************************************
When writing the hashed password to
the database also write the random
number so at login the random number
can then be called.
************************************/
?>
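
The scheme from the post above, set next to PHP's built-in password_hash(), as an added example that is not part of the original post. The helper name iterated_sha256 and all sample values are constructed for illustration; it shows that a stored round count does not do the job of a salt, while password_hash() keeps a random salt and its cost inside the hash string.

```php
<?php
// Added example; all values are constructed, nothing here is from a real database.

// The post's scheme: SHA-256 applied $count times, with no salt.
function iterated_sha256(string $password, int $count): string
{
    $digest = $password;
    for ($i = 0; $i < $count; $i++) {
        $digest = hash('sha256', $digest);
    }
    return $digest;
}

$password = 'SomeRandomPassword'; // constructed sample input

// 1. Same password + same stored count => the same record for both users.
$userA = iterated_sha256($password, 12345);
$userB = iterated_sha256($password, 12345);
echo "unsalted, equal counts, records match:  ";
var_dump($userA === $userB);

// 2. Counts are positions on one chain: continuing from round 10000 for
//    another 10000 rounds gives the round-20000 value, so different counts
//    do not produce independent hashes the way different salts do.
$round10000 = iterated_sha256($password, 10000);
$continued  = iterated_sha256($round10000, 10000);
echo "round 20000 reachable from round 10000: ";
var_dump($continued === iterated_sha256($password, 20000));

// 3. password_hash() draws a fresh random salt per call and writes the
//    algorithm, cost and salt into the returned string.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);
echo "salted, records match:                  ";
var_dump($hashA === $hashB);

// Login check: the salt and cost are read back from the stored string.
echo "password_verify accepts the password:   ";
var_dump(password_verify($password, $hashA));
echo "parameters stored in the hash string:   ";
echo json_encode(password_get_info($hashA)), PHP_EOL;
```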
