Josh
2013-05-14 20:19:19 UTC
Part of the code for when submitting the form encrypts the password into md5 42 times. For example (The code is javascript):
for (var i=0; i < 42; i++){//Encrypts password 42 times
password = MD5(password);
}
Does this make my login form much more secure since it encrypts the password 42 times before the data gets sent - meaning that if the data is intercepted they will have to decrypt an md5 code 42 times - which would be a painstaking amount of time required.
Or does this mean it makes my website more vulnerable to a client because
(a) There is a tool that can decrypt an md5 hash into its original md5 hash (but no further); or
(b) A software could be used to change the amount of times the loop for password encryption will occur making it impossible for the user to login.
Basically - is the code safe from any type of hacker attack, or should I just encrypt the password once, or not at all?