Is there an advantage to this hash for security?

悲哀的现实 2021-01-14 01:16

Is there any advantage to

sha1(sha1(sha1($password. $salt)));

Basically having multiple sha1 versus just one sha1

sha1($pa         


        
4 answers
  •  遥遥无期
    2021-01-14 01:47

    The more times it has to go through the hashing process, the longer it takes to hash, and the fewer attempts an attacker will get per day. If hashing it once takes 10ms, and hashing it ten times takes 100ms, then an attacker can attempt 6000 passwords per minute with hashing it once, and 600 per minute with hashing it ten times. Of course, with a web application, trying to brute force at either 6000 or 600 per minute is essentially a DOS attack. Cryptographic hashes tend to take a while to do for this purpose, and it's also common to hash multiple times.

    You should probably use sha512 instead of sha1, which you can do with hash(), like hash('sha512', $stringtobehashed); sha512 also takes approximately 5 times longer than sha1 to hash.
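
An added example (not part of the original question or answers) that measures the effect the answer describes: it times the question's nested sha1() for a configurable number of rounds and converts the result to guesses per minute. It goes beyond the thread by also timing PHP's built-in hash_pbkdf2() and password_hash(), which apply the same repeat-the-hash idea with a tunable work factor. The function names, round counts, bcrypt cost and sample password are assumptions for illustration, and PHP 7.4 or later is assumed.

```php
<?php
// Added example. Function names, round counts and the sample password are
// assumptions for illustration; none of them come from the thread.

// The question's construction, generalised to $rounds nested sha1() calls.
function iterated_sha1(string $password, string $salt, int $rounds): string
{
    $digest = sha1($password . $salt);
    for ($i = 1; $i < $rounds; $i++) {
        $digest = sha1($digest);
    }
    return $digest;
}

// Average wall-clock seconds per call of $fn, measured over $n calls.
function seconds_per_hash(callable $fn, int $n): float
{
    $start = hrtime(true); // monotonic clock, nanoseconds
    for ($i = 0; $i < $n; $i++) {
        $fn();
    }
    return (hrtime(true) - $start) / 1e9 / $n;
}

$password = 'correct horse battery staple'; // constructed sample input
$salt     = random_bytes(16);               // fresh random salt per user

// label => [hash function, number of timing runs]
$schemes = [
    'sha1 x1'               => [fn() => iterated_sha1($password, $salt, 1), 2000],
    'sha1 x3 (question)'    => [fn() => iterated_sha1($password, $salt, 3), 2000],
    'sha1 x100000'          => [fn() => iterated_sha1($password, $salt, 100000), 5],
    'pbkdf2-sha512 x100000' => [fn() => hash_pbkdf2('sha512', $password, $salt, 100000), 5],
    'bcrypt cost 12'        => [fn() => password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]), 3],
];

foreach ($schemes as $label => [$fn, $n]) {
    $t = seconds_per_hash($fn, $n);
    printf("%-22s %.6f s/hash, about %.0f guesses/min per core\n", $label, $t, 60 / $t);
}

// Storing and checking a password with the built-in API. The returned string
// embeds the algorithm, cost and salt, so no separate salt column is needed.
$stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
printf("correct password verifies: %s\n", var_export(password_verify($password, $stored), true));
printf("wrong password verifies:   %s\n", var_export(password_verify('wrong guess', $stored), true));
```

The timings depend on the machine, so compare the rows against each other rather than against the 10ms and 100ms figures used in the answer.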
