Password Salt
I'm getting a membership site put up soon, and I already have user registrations and logins. I hash the passwords using sha1, but how do I salt my passwords for extra security?
- Kaleb Klein
------------------------------------
Web Developer | Software Developer
https://kalebklein.com
PGP Key: https://keybase.io/pazuzu156
------------------------------------
Re: Password Salt
Check the article/discussion in my sig and come back for questions 
Re: Password Salt
Pazuzu156 wrote: I'm getting a membership site put up soon, and I already have user registrations and logins. I hash the passwords using sha1, but how do I salt my passwords for extra security?
Code:
$h = hash( 'whirlpool', $password.'n2m#E9S(hqdJH-ir8!7m/D5bk4_iQ'.$userId );
But better read Mordred's article anyway
Re: Password Salt
You can use

Code:
$md5_password=md5(md5($pasword).'salt');
Re: Password Salt
JimJiang wrote: You can use
Code:
$md5_password=md5(md5($pasword).'salt');
This is not proper because it reduces security by increasing possible collisions.
Re: Password Salt
While technically this is true, the increased chance of a collision is still so very very close to zero. With passwords we mostly care for the "one-way" property, not the "hard-to-collide" property of the hash functions.
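
An added example, not part of any post in this thread: it compares the two schemes posted above (one fixed salt versus a site secret plus the user id) for two accounts that share a password, then shows PHP's built-in password_hash()/password_verify(), which the thread does not mention. The passwords, user ids, function names and site secret are constructed placeholders.

```php
<?php
// Added example, not code from the thread. Passwords, user ids and the
// site secret below are constructed sample values.

// Scheme from the thread: double MD5 with one fixed salt for every account.
function fixed_salt_hash(string $password): string
{
    return md5(md5($password) . 'salt');
}

// Scheme from the thread: site-wide secret plus the user id, so the
// salted input differs per account.
function per_user_hash(string $password, int $userId): string
{
    $siteSecret = 'constructed-site-secret'; // placeholder, not the thread's value
    return hash('whirlpool', $password . $siteSecret . $userId);
}

// Two accounts (ids 1 and 2) that happen to use the same password.
$users = [1 => 'hunter2', 2 => 'hunter2'];

// Fixed salt: equal passwords give equal stored hashes, so one cracked
// hash, or one table built for this salt, covers every matching account.
var_dump(fixed_salt_hash($users[1]) === fixed_salt_hash($users[2]));

// Per-user input: the stored values differ although the passwords match.
var_dump(per_user_hash($users[1], 1) === per_user_hash($users[2], 2));

// Built-in API: a random salt per call and a deliberately slow algorithm;
// the salt and cost are stored inside the returned string.
$stored1 = password_hash($users[1], PASSWORD_DEFAULT);
$stored2 = password_hash($users[2], PASSWORD_DEFAULT);
var_dump($stored1 === $stored2);

// Login check: password_verify() re-derives the hash using the embedded
// salt and compares it in constant time.
var_dump(password_verify('hunter2', $stored1));
var_dump(password_verify('wrong-guess', $stored1));
```

With password_hash() only the single returned string needs to be stored per user; no separate salt column is required.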