Say a person registers for the site, you hash the password they've selected then use that hash like a salt and rehash their password with this salt.


String hash1 = MD5(password);
String endHash = MD5(hash1 + password);

then store endHash inside your database. Would this effective agaisnt Rainbow Table attacks if my database was comprimized? Or shall we be held missing something which will make simple to use to interrupt?

This really is key strengthening (, a pleasant technique that nevertheless doesn't replacement for actual salt. It won't safeguard you from a rainbow table written with this particular double-hash function.

The purpose of salting would be to prevent using huge precalculated tables. With this particular method you'll be able to calculate the hash associated with a password with no need to access your database. You need to store a random value and hash the password which value together.

The weakness of hashed passwords may be the attacker's understanding of the hash function. When they know your hash function although not your salt, the salt has protected your passwords. When they know both hash function as well as your salt, your computer data reaches risk.

Because this is applicable for your question - using dynamic salt generally causes it to be harder to determine your salt. This increases security, but will not help if a person knows your formula.

Growing your complexity in by doing this does build your system harder to hack. There is nothing uncrackable given enough assets, however.

Rather than hashing two occasions you need to use the username as salt for that function:

String hash = MD5(username + password)

Opt for utilizing a different work as md5 is recognized as damaged MD5

Does not really make a difference: Your saved information is still based solely around the password, so there is no additional protection.

Also, you need to avoid MD5 in support of a presently-strong hash formula, for example SHA1, SHA-256, SHA-512.