MD5

Created: 26.04.2023

generacodice.com/en/articolo/175462/sales-y-contraseรฑas—prefijo-o-de-sufijo unlike what others said, it does matter! and as @einstein if you care useย HMAC.

why prefix is bad, because one can calculate the intermediate state of the checksum up to the given fixed salt prefix. then start calculating the rest in parallel. In summaryย phrase+saltย is more secure thanย salt+phrase, butย HMAC(salt, phrase)ย is even better.

!! https://www.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks

https://crypto.stackexchange.com/questions/1632/does-the-position-of-the-salt-improve-its-effectiveness-when-hashing

https://blog.silentsignal.eu/2015/09/17/finding-the-salt-with-sql-inception/

https://www.researchgate.net/publication/266650299_Security_Analysis_of_MD5_Algorithm_in_Password_Storage

https://ieeexplore.ieee.org/document/6516321

https://security.stackexchange.com/questions/211478/does-putting-salt-first-make-it-easier-for-attacker-to-bruteforce-the-hash