I know this may be somewhat a common question, there are SO many articles across the net about generating secure salts for password hashing. So far I've picked up the mcrypt_create_iv is generally used for initialisation vectors for encryption, it can be used to create salt securely especially when used against MCRYPT_DEV_RANDOM.
For some reason despite people having success with it, whenever I use:
$Salt = mcrypt_create_iv(22, MCRYPT_DEV_RANDOM);
Apply it to the hash, then separately input it into the db. When coming back and authenticating and putting it all together... it never seems to work correctly.
Are there some characters that are generated by the mcrypt_create_iv function that aren't compatible with crypt? Because the second I use a somewhat plaintext salt whether generated from a secure source or not.. it works fine. But I would like to make use of the special characters mcrypt uses.
(Also, I am using the $6$ algorithm on crypt so only 16 bytes required for the salt)
Any help would be appreciated!
Thanks :)
