I am building a CMS with PHP, JavaScript, MySQL, etc. I am doing this mostly for fun and learning. But, as a fan of Steve Gibson, I am trying to keep things very secure, and I advocate T.N.O. So here's my question.
Case scenario:
A new user creates an account. For that account, we store a hash of their password which is salted twice. It is salted once with a hash used for all users, stored on the server. The second salt is created by hashing, with another salt, the time and date of the creation of their account. This second salt is stored in the database with the user login.
So now, each time the user logs in, their information is salted and hashed using SHA-512 with a universal salt (known to the server) and a unique salt (known to the DB), and checked against the values stored in the database.
Question: Do you see a weak point in this algorithm?
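The scheme described in the question, written out as an added example by the editor (this is not code from the poster's CMS). The pepper, the secret used to derive the per-user salt, the username and the creation timestamp are all constructed for the demo; in the post's terms the pepper is the "universal salt" held on the server and the per-user salt is the hash of a second secret with the account creation time, stored in the DB row. The second half goes one step beyond the post: the same row layout with a random per-user salt and PBKDF2-HMAC-SHA512, which adds the one property a single SHA-512 pass does not have, a tunable cost per guess for anyone who obtains both the table and the pepper.

```python
import hashlib
import hmac
import os

# Constructed demo secrets (not from the post). In a real deployment both are
# generated once with os.urandom and kept in server config, never in MySQL.
SERVER_PEPPER = bytes.fromhex("5f4dcc3b5aa765d61d8327deb882cf99" * 2)          # 32 bytes
SALT_DERIVATION_SECRET = bytes.fromhex("a3f1c2d4e5b6978877665544332211ff" * 2)  # 32 bytes


def derive_user_salt(created_at: str, derivation_secret: bytes) -> bytes:
    """Per-user salt as the post describes: SHA-512 over a server secret
    concatenated with the account creation timestamp.  It is deterministic,
    and is stored next to the login row so login can reuse it."""
    return hashlib.sha512(derivation_secret + created_at.encode("utf-8")).digest()


def hash_password(password: str, pepper: bytes, user_salt: bytes) -> bytes:
    """One SHA-512 over pepper || per-user salt || password (the posted scheme)."""
    return hashlib.sha512(pepper + user_salt + password.encode("utf-8")).digest()


def create_account(username: str, password: str, created_at: str,
                   pepper: bytes = SERVER_PEPPER,
                   derivation_secret: bytes = SALT_DERIVATION_SECRET) -> dict:
    """Builds the row the post says goes into the DB: login, per-user salt, hash."""
    user_salt = derive_user_salt(created_at, derivation_secret)
    return {
        "username": username,
        "created_at": created_at,
        "salt": user_salt.hex(),
        "hash": hash_password(password, pepper, user_salt).hex(),
    }


def verify_login(row: dict, password: str, pepper: bytes = SERVER_PEPPER) -> bool:
    """Login check: recompute with the stored salt and the server pepper, then
    compare in constant time so the comparison itself leaks nothing."""
    candidate = hash_password(password, pepper, bytes.fromhex(row["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(row["hash"]))


# --- Same layout with a cost parameter (editor's variant, not the post's) ---
# The per-user salt comes from os.urandom instead of the creation time, and the
# hash is PBKDF2-HMAC-SHA512, so each guess costs `iterations` HMAC calls
# instead of one SHA-512.  The row records the iteration count so it can be
# raised later without invalidating existing accounts.

PBKDF2_ITERATIONS = 210_000  # demo value; tune to what your server can afford per login


def create_account_pbkdf2(username: str, password: str, created_at: str,
                          pepper: bytes = SERVER_PEPPER,
                          iterations: int = PBKDF2_ITERATIONS) -> dict:
    user_salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", pepper + password.encode("utf-8"),
                                 user_salt, iterations)
    return {"username": username, "created_at": created_at,
            "salt": user_salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_login_pbkdf2(row: dict, password: str, pepper: bytes = SERVER_PEPPER) -> bool:
    digest = hashlib.pbkdf2_hmac("sha512", pepper + password.encode("utf-8"),
                                 bytes.fromhex(row["salt"]), row["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(row["hash"]))


if __name__ == "__main__":
    row = create_account("alice", "correct horse", "2012-03-04 05:06:07")
    print(row)
    print(verify_login(row, "correct horse"), verify_login(row, "wrong"))
    row2 = create_account_pbkdf2("alice", "correct horse", "2012-03-04 05:06:07")
    print(verify_login_pbkdf2(row2, "correct horse"), verify_login_pbkdf2(row2, "wrong"))
```

Two accounts created with the same password but different timestamps get different rows, and a login attempt with the wrong pepper fails even with the right password, which is the point of keeping the pepper out of the database. The `hmac.compare_digest` call matters in both variants: a plain `==` on the hex strings would let response timing reveal how many leading bytes of a guess matched.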


