Hey everyone! I’m working on a password system that’s meant to be user-friendly. I want it to accept passwords even if they have one extra character. I made my own hashing function instead of using a library. Here’s what it looks like:
let hash = 0;
const p = 131;
const valM = 1e9 + 7;
for (let i = 0; i < userInput.length; i++) {
const charCode = userInput.charCodeAt(i);
hash += charCode * Math.pow(p, userInput.length - i - 1);
}
hash %= valM;
Now I’m stuck. I need to figure out how to get the original password from this hash. Is that even possible? I know it’s not the best security practice, but I’m curious if it can be done. Any ideas or explanations would be super helpful! Thanks in advance for your input.
I understand your intention to create a user-friendly system, but I must caution against this approach. Your custom hashing algorithm is fundamentally flawed for password security. It’s deterministic and lacks salt, making it vulnerable to rainbow table attacks. Moreover, the ability to reverse a hash defeats the purpose of hashing in the first place.
Instead, consider using a well-established password hashing function like bcrypt, scrypt, or Argon2. These are designed to be slow and resource-intensive, which is actually a good thing for password hashing. They also incorporate salting to prevent precomputation attacks.
For allowing slight variations in passwords, look into implementing a secure password reset mechanism or multi-factor authentication instead. This maintains security while improving user experience.
As someone who’s been through the ringer with custom security implementations, I can tell you it’s a minefield. Your algorithm, while creative, has some serious vulnerabilities. It’s not just about reversibility - it’s about resistance to various attack vectors.
I once made a similar mistake in a project, thinking I could outsmart standard practices. It backfired spectacularly when a penetration test revealed multiple weaknesses. The lesson? Stick to proven cryptographic libraries.
For your use case, consider implementing a fuzzy matching system on top of a strong hash. This way, you can allow for slight variations without compromising security. Libraries like ‘fuzzyset.js’ could be useful here.
Remember, in cryptography, if you’re asking if something is possible to reverse, it’s probably not secure enough for passwords. Always err on the side of caution and use established methods.
oh no, thats not secure at all! reversing hashes is a big no-no in security. your algorithm is basically a polynomial hash, which can be cracked. for real password security, use established methods like bcrypt or Argon2. don’t reinvent the wheel with passwords, its risky business!