Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

6
  • 4
    Funny and agree with the sentiment, but its irrelevant as he didn't write his own cipher. He took existing crypto-hash functions MD5 and SHA1 along with custom permutation function dumb_perm (dumb_perm('00112233445566778899aabbccddeeff') goes to 'ccddeeff8899aabb0011223344556677'), so hash = SHA1(salt++dumb_perm(MD5(pw))) and created their salt in an overly complicated manner. While they've increased their maintenance costs for no gain in security, they are not creating their own cipher--the flaw is that simple hashes are too quick nowadays, so key-strengthening is necessary. Commented Dec 19, 2012 at 16:41
  • I think the greater problem is that the question's example is more of a case of key weakening than it is of key strengthening. It may not be a new cipher, but it's falling for the same pitfalls. Commented Dec 19, 2012 at 18:08
  • 1
    @drjimbob cipher != hash Commented Dec 19, 2012 at 21:09
  • @bradley.ayers - I understand the difference (ciphers are used for encryption; hashing is not encryption as its not reversible.) The meme image first used the word "cipher", and I didn't criticize Rory as cryptographic hash function like MD5 and SHA1 are based on algorithms similar to block ciphers: en.wikipedia.org/wiki/… However, Dave didn't create his own cipher/hash functions or anything similar. He merely did a dumb permutation of an MD5 at one step of a weak hashing scheme (sha1(salt+md5(pw)). Commented Dec 19, 2012 at 21:17
  • 3
    One does not simply write one's own cipher sounds better Commented Mar 19, 2013 at 7:21