+- 2DWorlds Forums (http://2dworlds.buildism.net/forum)
+-- Forum: Off Topic (http://2dworlds.buildism.net/forum/forumdisplay.php?fid=5)
+--- Forum: Programming (http://2dworlds.buildism.net/forum/forumdisplay.php?fid=30)
+--- Thread: Salt (/showthread.php?tid=7246)
Salt - Chaos - 07-26-2011
It's like securing the secured.
[lua]
function createSalt()
{
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt - createSalt();
$hash = hash('sha256', $salt . $hash);
[/lua]
Use it, love it. Be secure kids.
RE: Salt - noob007 - 07-27-2011
Creating a random salt each time will make your hashes useless, for they need to have the same salt, all of them.
RE: Salt - Chaos - 07-27-2011
I'm hashing the hashed. Which basically makes passwords in my database almost impossible to hack.
RE: Salt - noob007 - 07-27-2011
And also impossible to be of any use.
When you hash something, you expect the hash of that thing to be the same every time, else it's useless.
RE: Salt - Chaos - 07-27-2011
Whatever you say...
RE: Salt - noob007 - 07-27-2011
Here's why:
Because when you hash a password, you then check it against the hash in the database. If they're equal, you let the user log in.
RE: Salt - Chaos - 07-27-2011
Hm, I see what you mean. But I used it and my script so far works fine.
RE: Salt - noob007 - 07-27-2011
So you're saving the password to a database and then checking it when the user tries to login?
RE: Salt - Chaos - 07-27-2011
I'm putting there info that they register with into the database, then when they log in I check id the original password's match.. I'm not completely encrypting the passwords for them. Just so when I go into the database I don't see it. So if a hacker hacks me, they wont see the password's.