I would just like your feedback on something.
Basically I have a value called $uniqueID which is = ID + First Letter of First Name + First Letter of Last Name + The String “CAN”
I have then turned $uniqueID into a salt value as follows: $salt = sha1($uniqueID);
I have then turned the user’s password into a hash value using md5().
I have then stored these two values separately in a database using the correct data types.
I was just wondering if this would be a secure way to secure two types of user validation? The password validation would be done by the user and the $uniqueID would be done via a script.
I won’t be offering a service to remind you of your password; you will have to create a brand new one.
I have also implemented some security for the sessions.
In general, a salt is a random value that is unique for each datum it is used for. That means each user should have its own random and unique salt that is used when hashing its password. And don’t use any user information to generate a salt.
You could, for example, use rand and uniqid to generate a random and unique salt for each user:
This salt would be both unique and random.
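An added example, not code from the question or the answer: it contrasts the scheme as the question describes it (assumed here to mean a salt derived from user data and a plain md5() of the password, stored side by side) with a per-user random salt that is actually mixed into the hash. It uses PHP's built-in password_hash() and password_verify() rather than rand and uniqid; the function names and sample users are constructed for illustration.

```php
<?php
// Scheme as described in the question (an assumption about its exact form):
// the "salt" is derived from user data, and the password is hashed on its own
// with md5(), so the salt never influences the stored password hash.
function question_scheme(int $id, string $first, string $last, string $password): array
{
    $uniqueID = $id . $first[0] . $last[0] . 'CAN';
    return ['salt' => sha1($uniqueID), 'hash' => md5($password)];
}

// Per-user random salt: password_hash() draws a fresh salt from the OS CSPRNG
// on every call and embeds it, with the algorithm and cost, in its return value.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// password_verify() reads the salt back out of the stored string and compares
// in constant time.
function check_password(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed sample data: two users who picked the same password.
$a = question_scheme(1, 'Alice', 'Smith', 'hunter2');
$b = question_scheme(2, 'Bob', 'Jones', 'hunter2');

// Same password gives the same stored md5 value for both accounts.
echo 'md5 hashes identical:       ';
var_dump($a['hash'] === $b['hash']);

// The salt can be recomputed by anyone who knows the ID and initials.
echo 'salt recomputable from data: ';
var_dump($a['salt'] === sha1('1ASCAN'));

// With a random per-user salt, the same password stores differently each time.
$ha = store_password('hunter2');
$hb = store_password('hunter2');
echo 'salted hashes identical:     ';
var_dump($ha === $hb);

echo 'correct password verifies:   ';
var_dump(check_password('hunter2', $ha));
echo 'wrong password verifies:     ';
var_dump(check_password('wrong', $ha));
```

Because the salt is stored inside the string password_hash() returns, a single database column is enough and no separate salt column is needed.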