I’m trying to correctly do a per user and site wide salt for my passwords. Here’s what I’ve got:
```php
<?php
require('../../salt.php'); // this is above the web root and provides $salt variable
$pw = mysql_real_escape_string($_POST['pw']);
$per_user_salt = uniqid(mt_rand());
$site_salt = $salt; // from salt.php that was required on first line
$combine = $pw . $per_user_salt . $site_salt;
$pw_to_put_in_db = hash("sha512", $combine);
```
Is this right? Thanks
Based on comments here is what I’m going to do:

Change my `$combine` to something that is unique per user but not stored in db. So something like:

```php
$combine = $pw . md5($pw) . 'PoniesAreMagical' . $site_salt . md5($pw);
```

etc etc etc… Thanks for the help…

So – for those of you trying to figure out how to do this for the first time (like me)… it's all about the algorithm… make something obscure, unique, difficult to figure out; because if someone wants to get into your system, they are going to have to figure this out. Thanks to all for awesome comments.
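The per-user salt plus site-wide secret the question describes, as an added example that is not the poster's code: it uses PHP's built-in password_hash() to generate and store the per-user salt, and an HMAC keyed with the secret from salt.php as the site-wide part. The secret value shown is a constructed placeholder, and the users table and pw_hash column are assumptions.

```php
<?php
// Added example (not the poster's code): per-user salt plus a site-wide secret.
// In practice $site_secret comes from a file outside the web root, like the
// question's salt.php; the value below is a constructed placeholder.
$site_secret = 'REPLACE-WITH-LONG-RANDOM-SECRET-FROM-salt.php';

// Pre-hash the password with an HMAC keyed by the site-wide secret, so a copy of
// the database alone is not enough to test guesses. Then password_hash()
// draws a fresh random per-user salt and embeds it in the returned string,
// so the salt needs no separate column and nothing has to stay "obscure".
// The hex SHA-256 HMAC is 64 bytes, inside bcrypt's 72-byte input limit.
function make_password_record(string $password, string $site_secret): string
{
    $peppered = hash_hmac('sha256', $password, $site_secret);
    return password_hash($peppered, PASSWORD_BCRYPT);
}

// Verify: recompute the HMAC, then password_verify() reads the salt and cost
// back out of the stored record and compares in constant time.
function check_password(string $password, string $record, string $site_secret): bool
{
    $peppered = hash_hmac('sha256', $password, $site_secret);
    return password_verify($peppered, $record);
}

// Registration: the raw password is never escaped or stored; only the record
// reaches the database, through a prepared statement (assumed PDO handle $pdo).
$record = make_password_record($_POST['pw'] ?? '', $site_secret);
// $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
// $stmt->execute([$username, $record]);

// Login: fetch the stored record for the user, then
// $ok = check_password($_POST['pw'] ?? '', $row['pw_hash'], $site_secret);
```

Rotating the site-wide secret invalidates every stored record, so keep it backed up separately from the database.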