Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Salt
#1
It's like securing the secured.

[lua]

function createSalt()
{
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt - createSalt();
$hash = hash('sha256', $salt . $hash);
[/lua]

Use it, love it. Be secure kids.
[Image: chaosthegreat.png]
Reply
#2
Creating a random salt each time will make your hashes useless, for they need to have the same salt, all of them.
Reply
#3
I'm hashing the hashed. Which basically makes passwords in my database almost impossible to hack.
[Image: chaosthegreat.png]
Reply
#4
And also impossible to be of any use.

When you hash something, you expect the hash of that thing to be the same every time, else it's useless.
Reply
#5
Whatever you say...
[Image: chaosthegreat.png]
Reply
#6
Here's why:

Because when you hash a password, you then check it against the hash in the database. If they're equal, you let the user log in.
Reply
#7
Hm, I see what you mean. But I used it and my script so far works fine.
[Image: chaosthegreat.png]
Reply
#8
So you're saving the password to a database and then checking it when the user tries to login?
Reply
#9
I'm putting there info that they register with into the database, then when they log in I check id the original password's match.. I'm not completely encrypting the passwords for them. Just so when I go into the database I don't see it. So if a hacker hacks me, they wont see the password's.
[Image: chaosthegreat.png]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)