Changable Password SALT Script
Posted: Wed Jan 19, 2011 4:23 am
Here is a script to generate a 'random' SALT based on the username which means you don't have to store anything in your database as an additional salt.
Counts the number of Vowels in the username and then uses this to change the bit of the SALT that the username uses.
Not too system taxing, looking for ways to make it even more 'random' but still based on the username and password input.
Counts the number of Vowels in the username and then uses this to change the bit of the SALT that the username uses.
Not too system taxing, looking for ways to make it even more 'random' but still based on the username and password input.
Code: Select all
define('SESSION_SALT','a really really long string at least 3 * the max username length');
function ba_crypt($string) {
return hash('sha512', $string);
}
function ba_password($user,$password) {
$plen = strlen($password);
$ulen = strlen($user);
$uvowels = ba_count_vowels($user);
$salt_len = strlen(SESSION_SALT);
$salt_start = ($salt_len/2)+$uvowels;
$salt_drift = ($salt_len/2)-($ulen-$uvowels+7);
$odd_flag = $salt_start - $salt_drift;
if($odd_flag % 2) {
$salt_drift = $salt_drift * -1;
}
$salt = substr(SESSION_SALT,$salt_start,$salt_drift);
return ba_crypt($salt . $password);
}
function ba_count_vowels($string) {
$vowels=array("a","e","i","o","u");
$length=strlen($string);
$count = 0;
$i = 0;
for ($i = 0; $i < count($vowels); $i++){
for($j=0; $j<$length; $j++){
$char=strtolower(substr($string,$j,1));
if ($char==$vowels[$i]) {
$count++;
}
}
}
return $count;
}