
Random Salts

dschuett

I have been doing some research on how to go about using a random salt per user's password. There are a few things that I am still unsure about. It is easy enough to store a random hash using something like the following:

<?php
$password = 'MySuperSectretPassword!';

$salt = substr(sha1(md5(uniqid(rand(), true))), 0, 24);
$CryptedPassword = crypt($password, $salt);
?>

The part that I am confused about is how to keep track of what salts go with each user. Is it safe to store the salt in the database along with the user's password? (I would think not)

** If I am going about my salt generation and/or concept in the wrong way, please let me know.

I found this article on using crypt with sha512, but I just don't understand why you would want to use that since you can easily tell by looking at the password what they are doing to salt the password: "$6$rounds=5000$4d2c68c2ef979$". However, I do understand that they are using uniqid() which makes it pretty tough, but it's just the thought.

Please excuse my ignorance on the subject; I guess that's why I'm asking for a better explanation here :)

Thanks in advance!
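
An added example, not part of the original post or the article it mentions: with crypt()'s SHA-512 format, the `$6$rounds=5000$...$` prefix quoted in the question is stored in the same string as the digest, and verification reads the salt back out of that string. The function names and the two sample users are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// Hash a password with SHA-512 crypt and a fresh random salt per user.
function hashPassword(string $password, int $rounds = 5000): string
{
    // 8 random bytes -> 16 hex chars, the maximum salt length for "$6$".
    $salt = bin2hex(random_bytes(8));
    return crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
}

// Split a stored value into its fields: the salt sits there in the clear.
function parseStored(string $stored): array
{
    [, $id, $rounds, $salt, $digest] = explode('$', $stored);
    return ['id' => $id, 'rounds' => $rounds, 'salt' => $salt, 'digest' => $digest];
}

// crypt() reads algorithm, rounds and salt back out of the stored value,
// so no separate salt column or lookup is needed to verify a login.
function verifyPassword(string $candidate, string $stored): bool
{
    // hash_equals() compares in constant time.
    return hash_equals($stored, crypt($candidate, $stored));
}

// Constructed sample data: two users who picked the same password.
$alice = hashPassword('MySuperSecretPassword!');
$bob   = hashPassword('MySuperSecretPassword!');

print_r(parseStored($alice));                                // id, rounds, salt, digest
var_dump($alice === $bob);                                   // same password, different salts
var_dump(verifyPassword('MySuperSecretPassword!', $alice));  // correct password
var_dump(verifyPassword('wrong guess', $alice));             // wrong password
```

PHP's password_hash() and password_verify() follow the same pattern: the salt is generated for you and embedded in the returned string.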

iamthwee
dschuett

Thanks! - That clears things up quite a bit.

Question Answered as of 2 Years Ago by iamthwee