  1. #1
    SitePoint Addict
    Join Date
    Feb 2006
    Posts
    299

    How can I use salt and MD5 function to generate password?

    How can I use salt and the MD5 function to generate a password? I have an application I got from the internet. It is using salt and the MD5 function to generate a password. Now I would like to understand how these come into play or are used. I know how to use MD5 to encrypt the password, but I do not know how to use both MD5 and salt. Please help.

  2. #2
    AnthonySterling (Twitter: @AnthonySterling)
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Here's some background information on using Salt.
    In cryptography, a salt comprises random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password. A salt can also be used as a part of a key in a cipher or other cryptographic algorithm. The key derivation function typically uses a cryptographic hash function. Sometimes the initialization vector, a previously-generated value, is used as the salt.
    PHP Code:
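    <?php
    // Random five-digit number used as the salt
    $iSalt = rand(10000, 99999);
    // Hash the salt concatenated with the user-supplied password
    $sPassword = md5($iSalt . 'userSuppliedPassword');
    ?>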
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  3. #3
    TomB, SitePoint Guru
    Join Date
    Oct 2005
    Location
    Milton Keynes, UK
    Posts
    989
    I'd always use a salt that comes from another field that's stored with the password (e.g. username or registration date, one that's not going to change). That way you don't have to store the salt in its own field (or store it in the password field then do substr() or split() on it). The salt isn't important and it doesn't matter if it's known. There is a really nice article on password hashing here: http://www.developerfusion.com/artic...alt-with-that/
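
The register-and-verify flow the question asks about, as an added example that is not part of any post in this thread: the salted MD5 scheme with the salt stored beside the hash, next to PHP's built-in `password_hash()`, which generates the salt itself and uses a deliberately slow algorithm, plus a login routine that upgrades old MD5 rows. It assumes PHP 7 or later; the function names and the in-memory `$users` array are hypothetical.

```php
<?php
// Added example: function names and the $users "table" are hypothetical.

// The thread's scheme: md5(salt . password), salt stored next to the hash.
function md5_register(string $password): array
{
    $salt = bin2hex(random_bytes(16));   // per-user random salt, not secret
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

function md5_verify(array $row, string $password): bool
{
    // Recompute with the stored salt; hash_equals() compares in constant time.
    return hash_equals($row['hash'], md5($row['salt'] . $password));
}

// Hardened form: password_hash() creates the salt and encodes algorithm,
// cost and salt into one string, so no separate salt column is needed.
function kdf_register(string $password): array
{
    return ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Login that accepts both row formats and upgrades legacy MD5 rows
// at the moment the plaintext password is available.
function login(array &$row, string $password): bool
{
    if (isset($row['salt'])) {                 // legacy salted-MD5 row
        if (!md5_verify($row, $password)) {
            return false;
        }
        $row = kdf_register($password);        // replace with the slow hash
        return true;
    }
    return password_verify($password, $row['hash']);
}

// Constructed sample data: two users who chose the same password.
$users = [
    'alice' => md5_register('correct horse'),
    'bob'   => md5_register('correct horse'),
];

// Different salts give different stored hashes for the same password.
var_dump($users['alice']['hash'] !== $users['bob']['hash']);
var_dump(login($users['alice'], 'wrong guess'));    // rejected, row unchanged
var_dump(login($users['alice'], 'correct horse'));  // accepted, row upgraded
var_dump(isset($users['alice']['salt']));           // legacy salt column gone
var_dump(login($users['alice'], 'correct horse'));  // now checked by password_verify()
```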

