Does this look like a safe salt to use with a password? Any improvements or suggestions or obvious flaws?
$salt = '';
for ($i = 0; $i < 50; $i++) {
    $salt .= chr(rand(33, 126));
}
You don’t need to make salts really long and it’s not important that they be cryptographically secure. The point of salts is simply to make rainbow table attacks harder as you no longer have a 1-to-1 mapping between passwords and hashes. (They also keep administrators with wandering eyes from seeing 482c811da5d5b4bc6d497ffa98491e38 in the database and then knowing Joe’s password is “password123”.)
Even a 4-byte salt would be more than sufficient as you’d now have 2^32 ≈ 4 billion potential hashes for any password.
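The mapping the answer describes, as an added example that is not part of the original question or answer: two accounts with the same password get identical unsalted hashes but different stored values once each has its own salt. The function names, the sample accounts, the use of `random_bytes()` and the choice of SHA-256 are assumptions of this example.

```php
<?php
// Added example; names and sample accounts are constructed for illustration.

// Fresh random salt per account; 4 bytes is the size the answer mentions.
function make_salt(int $bytes = 4): string {
    return bin2hex(random_bytes($bytes));
}

// Salted digest, stored next to its salt. SHA-256 is used here only to keep
// the password-to-hash mapping visible (an assumption of this example).
function salted_hash(string $password, string $salt): string {
    return hash('sha256', $salt . $password);
}

// Recompute with the stored salt and compare in constant time.
function verify(string $password, string $salt, string $stored): bool {
    return hash_equals($stored, salted_hash($password, $salt));
}

// Constructed sample data: two users who picked the same password.
$accounts = ['joe' => 'password123', 'ann' => 'password123'];

$unsalted = [];
$records  = [];
foreach ($accounts as $user => $password) {
    $unsalted[$user] = hash('sha256', $password);
    $salt = make_salt();
    $records[$user] = ['salt' => $salt, 'hash' => salted_hash($password, $salt)];
}

// Unsalted: equal passwords give equal hashes, so one precomputed table
// entry matches both rows.
var_dump($unsalted['joe'] === $unsalted['ann']);

// Salted: the stored values differ unless both accounts drew the same
// salt, a 1-in-2^32 chance with 4 random bytes.
var_dump($records['joe']['hash'] === $records['ann']['hash']);

// Login still works because the salt is kept alongside the hash.
var_dump(verify('password123', $records['joe']['salt'], $records['joe']['hash']));
var_dump(verify('password124', $records['joe']['salt'], $records['joe']['hash']));
```

PHP's built-in `password_hash()` and `password_verify()` generate and store a per-password salt in the same way, using a deliberately slow hash in place of SHA-256.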