

SHA512JS: Hash Locally - deckar01
http://deckar01.github.io/SHA512JS/

======
deckar01
I am looking for ways to beef up my passwords. This was mainly conceived as an
alternative to Passpack.

The idea is that hackers who obtain a server's hash do not expect the
plaintext password to actually be a base64-encoded SHA512 hash. It also
encourages salting to prevent password reuse.

What do you think?

Too much security?

Too time consuming?

Too awesome, must download Greasemonkey script!

~~~
yunu_ng
Security through obscurity. The hackers don't expect you to have a hashed
password? So what? This is no different from salting.

Also, by adding a new function into your password hashing have you changed the
cryptographic properties of the composed function? Have you formally proved
that these new properties are as strong as the uncomposed properties? No? Then
don't do it.

DON'T ROLL YOUR OWN CRYPTO, PEOPLE!

Composing functions counts as rolling your own, btw.

