Multiple Layers of Hashing when storing passwords [duplicate]

Çağlar Arlı      -    56 Views

A common principle in InfoSec is Defence-In-Depth.
When encrypting sensitive data, it might make sense to have the data encrypted a few times. VeraCrypt does this, for example, with the AES-Twofish-Serpent algorithm.

A good practice is to store passwords for authentication databases in a secure hash format like bcrypt/argon2.

But would it be possible / make sense to also have multiple layers of hashes to prepare for a scenario where a collision is found in one of the algorithms considered secure currently?

For example: take the plaintext password, hash it with BCrypt. Then hash the BCrypt hash with Argon2 and only store the Argon2 result in the database?
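
The layered scheme described in the question, written out as an added example (not part of the original post) to show what it means for the stored record and for verification. To stay runnable with only the Python standard library it assumes stand-ins: PBKDF2-HMAC-SHA256 takes the place of the inner bcrypt layer and scrypt the place of the outer Argon2 layer; the function names and record layout are hypothetical.

```python
import hashlib
import hmac
import os

# Stand-ins from the standard library (assumption of this example):
# PBKDF2-HMAC-SHA256 plays the inner bcrypt layer, scrypt the outer Argon2 layer.
PBKDF2_ITERATIONS = 100_000
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def _inner(password: str, salt: bytes) -> bytes:
    """First layer: slow hash of the plaintext password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def _outer(inner_hash: bytes, salt: bytes) -> bytes:
    """Second layer: slow hash of the first layer's output."""
    return hashlib.scrypt(inner_hash, salt=salt, **SCRYPT_PARAMS)


def make_record(password: str) -> dict:
    """Build the database row: both salts plus the outer hash only."""
    inner_salt = os.urandom(16)
    outer_salt = os.urandom(16)
    stored = _outer(_inner(password, inner_salt), outer_salt)
    # The inner hash is discarded, but its salt must be kept: verification
    # has to reproduce the exact inner hash before the outer layer can run.
    return {"inner_salt": inner_salt, "outer_salt": outer_salt, "hash": stored}


def verify(password: str, record: dict) -> bool:
    """Recompute both layers and compare in constant time."""
    candidate = _outer(
        _inner(password, record["inner_salt"]), record["outer_salt"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    row = make_record("correct horse battery staple")  # constructed sample
    print(verify("correct horse battery staple", row))
    print(verify("wrong guess", row))
```

Every login attempt pays the cost of both layers, and the parameters of both must be kept alongside the record so the hash can be recomputed later.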