sherryecox
New Member
I have used unsalted md5/sha1 for long time, but as this method isn't really secure (and is getting even less secure as time goes by) I decided to switch to a salted sha512. Furthermore I want to slow the generation of the hash down by using many iterations (e.g. 100).My question is whether I should append the salt on every iteration or only once at the beginning. Here are the two possible codes:Append every time:\[code\]// some nice big salt$salt = hash($algorithm, $salt);// apply $algorithm $runs times for slowdownwhile ($runs--) { $string = hash($algorithm, $string . $salt, $raw);}return $string;\[/code\]Append once:\[code\]// add some nice big salt$string .= hash($algorithm, $salt);// apply $algorithm $runs times for slowdownwhile ($runs--) { $string = hash($algorithm, $string, $raw);}return $string;\[/code\]I first wanted to use the second version (append once) but then found some scripts appending the salt every time.So, I wonder whether adding it every time adds some strength to the hash. For example, would it be possible that an attacker found some clever way to create a 100timesSha512 function which were way faster than simply executing sha512 100 times?