I figured out a simple way to use a salt that also makes the stored value almost impossible to break unless you know at least how long the password was.
SUBSTRING(MD5(username || password), MOD(LENGTH(password), 12) + 11) || SUBSTRING(MD5(username || password), 1, MOD(LENGTH(password), 12) + 10)
So basically, I take an MD5 of the username and password concatenated. Then I look at the length of the password and use it to split the resulting MD5 hex string in two. Then I take the back part and put it at the front, so that any lookup of the stored value in a rainbow table, etc. yields invalid results.
So for example, say I wanted to do it for “user” and “default”: the MD5 for “userdefault” is “4b4f5e65f81dc293b6d7a22e081e45ef”. But since “default” is 7 characters long, the mod calculation returns 5+10, so 15. Then the MD5 is split and the two parts swapped like so: “4b4f5e65f81dc293 b6d7a22e081e45ef” => “b6d7a22e081e45ef4b4f5e65f81dc293”
To add a further twist, you could take the modulus of the ASCII value of a designated character in the password and use that as the split point (just make sure the resulting arithmetic returns something under the 32 hex digits that make up the MD5; that is why I used mod and then added 10, so that the MD5 is split somewhere close to the middle).
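The scheme above written out in Python as an added example (editor-added code, not the post's own), with the check a practitioner would want: how many distinct values the rotation can actually produce. The `salted_record` / `verify_salted` functions are an assumed contrast showing a per-user random salt with PBKDF2, not something the post proposes.

```python
import hashlib
import hmac
import os

def plain_md5(username: str, password: str) -> str:
    """MD5 of username + password as 32 hex characters, as in the post."""
    return hashlib.md5((username + password).encode("utf-8")).hexdigest()

def split_offset(password: str) -> int:
    """Split point from the post's expression: (LENGTH(password) MOD 12) + 10, so 10..21."""
    return len(password) % 12 + 10

def rotated_md5(username: str, password: str) -> str:
    """The scheme above: split the hex digest at the offset and move the back part in front."""
    digest = plain_md5(username, password)
    offset = split_offset(password)
    return digest[offset:] + digest[:offset]

def verify(username: str, password: str, stored: str) -> bool:
    """Login check: recompute the rotated digest and compare with the stored value."""
    return hmac.compare_digest(rotated_md5(username, password), stored)

def candidate_plain_digests(stored: str) -> set:
    """Caveat check: the rotation is one of only 12 fixed permutations of the digest
    (offsets 10..21), so the un-rotated MD5 of a stored value is always in this set.
    The transform therefore adds at most a factor of 12 to lookup work; it is not a salt."""
    return {stored[32 - off:] + stored[:32 - off] for off in range(10, 22)}

# Contrast (assumed, not from the post): a per-user random salt stored beside a
# slow password hash, which is the pattern the post's "salt" is reaching for.
def salted_record(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify_salted(password: str, record: dict) -> bool:
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return hmac.compare_digest(digest.hex(), record["hash"])

if __name__ == "__main__":
    stored = rotated_md5("user", "default")  # the post's worked-example input
    print(split_offset("default"), stored)
    print(plain_md5("user", "default") in candidate_plain_digests(stored))
```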