Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
i am trying to append a randomly generated salt along with my md5 generated password. So how can we recheck the salted password? DO we need to save salt along with the password in the Db. Is this a good approach.
$pass='password';
$salt = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), 0, 12);
echo md5($pass.$salt);
Also please tell me if this is the proper way of salting???
The point of a salt is to avoid rainbow table attacks, or precomputed password hashes. In order to check the old password, you’ll need to use the same salt you hashed it with, so you do need to store it, e.g. in the DB.
Md5 isn’t a strong crypto hash, and you are probably best using bcrypt. There is a free PHP implementation http://www.openwall.com/phpass/.
That will have much stronger salting, and hashing.