AuthMe Reloaded

Multiple Encryption

troke12 opened this issue · 1 comments

commented

I was thinking about better security, and this is the workflow for multiple encryption

config.yml

# MultipleEncryption
EnableMultipleEncryption: true
EncrytionFirst: MD5
EncryptionTwo: BCRYPT

# if MultipleEncryption is enabled, this will be disabled
passwordHash: BCRYPT

I don't know if this is possible or not, just a suggestion

commented

Security doesn't really increase with two different algorithms. Your security model would be limited by the weaker algorithm, in this case MD5. MD5 is very fast to compute, has rainbow tables, and collisions have been found multiple times. If that's the case, then you could first crack MD5 -> BCrypt, and once you found one you could calculate the original MD5 password. Furthermore, you would increase the attack surface.

If you want to increase the security, you could raise the computing power (rounds) or hardware requirements by requiring more memory (e.g. scrypt) that would eliminate highly parallel computing like GPU computing.
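The alternative suggested in the reply above, sketched as an added example (not part of the thread and not AuthMe's own code): a memory-hard scrypt hash whose cost parameters are stored with each hash, so the cost can be raised later and old hashes upgraded at the next successful login. The `scrypt$n$r$p$salt$hash` string format, the function names and the parameter values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Target cost parameters (assumed values; tune them to your own hardware).
TARGET = {"n": 2**14, "r": 8, "p": 1}


def _derive(password, salt, n, r, p):
    # scrypt needs roughly 128 * n * r bytes; allow twice that as headroom.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r * p, dklen=32)


def hash_password(password, n=TARGET["n"], r=TARGET["r"], p=TARGET["p"]):
    """Hash with a fresh random salt; the parameters travel with the hash."""
    salt = os.urandom(16)
    digest = _derive(password, salt, n, r, p)
    return "$".join(["scrypt", str(n), str(r), str(p), salt.hex(), digest.hex()])


def verify_password(password, stored):
    """Return (ok, needs_rehash). Malformed records never verify."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False, False
        n, r, p = int(n), int(r), int(p)
        expected = bytes.fromhex(digest_hex)
        actual = _derive(password, bytes.fromhex(salt_hex), n, r, p)
    except (ValueError, OverflowError):
        return False, False
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    outdated = (n, r, p) != (TARGET["n"], TARGET["r"], TARGET["p"])
    return ok, ok and outdated


def login(password, stored):
    """Verify, and re-hash with the current target cost if the record is old."""
    ok, needs_rehash = verify_password(password, stored)
    if ok and needs_rehash:
        stored = hash_password(password)
    return ok, stored
```

Raising `TARGET` is then the only change needed to increase the cost for every account that logs in afterwards.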