I've just started looking into encryption for storing passwords in a MySQL database, and every article I read says something different. In the past I've just used md5() to encrypt the passwords, and after some reading, md5 is supposedly not very safe.
I've read up on using salts when encrypting. From my understanding, salts are just used to prevent rainbow table attacks (correct me if I'm wrong). Now, if someone is able to get a copy of my entire database to use a rainbow table attack on, wouldn't they easily be able to find out the salt I am using?
Below is what I am currently thinking of doing.
Code:
$userjoindate = "1278929952"; //this is grabbed from the database
$pass = "abc";
$salt = "klsdfsjlk8kjwlew89huj" . $pass . $userjoindate;
$pass = $salt . hash("whirlpool", $salt);
Any help would be greatly appreciated, thanks.
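
An added example, not part of the original post: password storage with PHP's built-in password_hash(), which draws a fresh random salt for every password and keeps it in plain view inside the stored string, so a table precomputed for one row is useless against any other. It also upgrades the unsalted md5 rows the post mentions at the user's next successful login. The function names and the in-memory $users array are hypothetical stand-ins for the real table.

```php
<?php
// Added example, not the poster's code. store_password(), check_login() and
// the $users layout are hypothetical. Sample rows are constructed: one legacy
// account (unsalted md5, as the post describes) and one already migrated.
$users = [
    'alice' => ['hash' => md5('abc')],
    'bob'   => ['hash' => password_hash('abc', PASSWORD_DEFAULT)],
];

function store_password(string $password): string
{
    // A new random salt is generated on every call and embedded, together
    // with the algorithm and cost, in the returned string. Unlike the posted
    // snippet, the plaintext password is never part of the stored value.
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    // Legacy rows are 32 lowercase hex characters; compare in constant time.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);

    // Re-hash on successful login: legacy rows, or rows with outdated settings.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name]['hash'] = store_password($password);
    }
    return $ok;
}

// The same password hashed twice: the salts differ, so the stored values differ.
var_dump(store_password('abc') === store_password('abc'));

// A legacy account logs in, is verified against md5 once, and is upgraded.
var_dump(check_login($users, 'alice', 'abc'));
var_dump(check_login($users, 'alice', 'wrong'));
var_dump(password_get_info($users['alice']['hash'])['algoName']);
```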