Pasword Salt
Posted: Tue Oct 11, 2011 11:55 am
I'm getting a membership site put up soon, and I already have user registrations and logins. I hash the passwords using sha1, but how do i salt my passwords for extra security?
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Pazuzu156 wrote:I'm getting a membership site put up soon, and I already have user registrations and logins. I hash the passwords using sha1, but how do i salt my passwords for extra security?
Code: Select all
$h = hash( 'whirlpool', $password.'n2m#E9S(hqdJH-ir8!7m/D5bk4_iQ'.$userId );Code: Select all
$md5_password=md5(md5($pasword).'salt');
This is not proper because it reduces security by increasing possible collisions.JimJiang wrote:You can useCode: Select all
$md5_password=md5(md5($pasword).'salt');