Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

## posted January 2015

$cur = 'plaintext'$cur  = md5($cur)$salt = randbytes(20)
$cur = hmac_sha1($cur, $salt)$cur  = cryptoservice::hmac($cur) [= hmac_sha256($cur, $secret)]$cur  = scrypt($cur,$salt)
$cur = hmac_sha256($cur, \$salt)

the explanation is here

tl;dr: the md5 is here for legacy purpose, cryptoservice::hmac is to add a secret salt, scrypt (which is a kdf not a hash) is for slowing brute force attempts and the sha256 is here for shortening the output.

Well done! You've reached the end of my post. Now you can leave me a comment :)