password
Password salting
For a long time, most PHP developers protected passwords only with the md5() function. Then people started using salting to protect their users' passwords from rainbow tables and other naughty stuff.
The way salting works is that you generate a random string of data and add it to the password before you pass it to the md5() function. The salt is stored in the database, and when you want to verify a password you fetch the salt, add it to the supplied password, hash the result and compare it with the stored hash.
The most common way to add the salt to the password is something like this:
$hash = md5($salt.$password);
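The full store-and-verify round trip described above, shown next to PHP's built-in password_hash()/password_verify(). This is an added example, not code from the original post or from phpSec; the function names and the sample password are hypothetical, and it assumes PHP 7 or later for random_bytes().

```php
<?php
// Scheme from the text: a random per-user salt, stored beside the hash.
function salted_md5_create(string $password): array
{
    $salt = bin2hex(random_bytes(16));   // 128-bit random salt, hex-encoded
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

function salted_md5_verify(string $password, array $row): bool
{
    // Fetch the stored salt, prepend it to the supplied password, re-hash,
    // and compare in constant time.
    return hash_equals($row['hash'], md5($row['salt'] . $password));
}

// Built-in API: generates the salt itself and embeds salt, algorithm and
// cost in the returned string, so only one column has to be stored.
function modern_create(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function modern_verify(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed sample data standing in for database rows.
$password = 'correct horse battery staple';

$a = salted_md5_create($password);
$b = salted_md5_create($password);
// Same password, different salts: the two stored hashes differ, so one
// precomputed table cannot cover both users.
var_dump($a['hash'] !== $b['hash']);
var_dump(salted_md5_verify($password, $a));
var_dump(salted_md5_verify('wrong guess', $a));

$stored = modern_create($password);
var_dump(modern_verify($password, $stored));
var_dump(modern_verify('wrong guess', $stored));
// Tells you whether a stored hash should be regenerated at the next login,
// for example after the default algorithm or cost has changed.
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT));
```

The salt defeats precomputed rainbow tables, but md5() stays cheap to compute per guess, while password_hash() adds a tunable work factor on top of the salt.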
Password hashing the smart way
Simple password hashing using md5() has been used by PHP developers for a long time. However, as rainbow tables are becoming more and more widely available, new methods of protecting a user's password are needed. Therefore, salting of passwords is getting more and more common.
phpSec (a PHP security library) enables you to easily hash passwords in a secure way. Read more in the phpSec manual.
