dongrong5189 2012-10-24 20:38

Adding a SALT to the hash (crypt) function (clarification), plus a few small questions

I've been studying/looking about on Google for TOO long and although I find many so-so tutorials, I'm wondering a bit about the "optional SALT" parameter in the (crypt) function within PHP. I have too many tabs open and getting nowhere so, at this point, I figured I'd just ask for help.

As far as the salt, I read somewhere that if you don't add it, it will be added for you but that this is not good practice. I can't seem to find the "why" it's good/not good. How should this be handled?

I've read a few things here and there about randomizing salts but others say it doesn't matter...again, confusing.

Also I'm having problems checking against the stored data as well. Obviously if I do something like

crypt("pass string here", "salt here");

I'll get a random string for the pass....so on a user log in, then the value of

$_POST['the entered name/pass etc '];

and checking against the db value for that user's pass would always equal to false. So then I suppose that I'd have to rehash/salt the pass given upon user entry and then test against what's on the db?

Also, I've read throughout the net (but at this point I'm confused) that somehow the salt is stored in the db? and it doesn't have to be hidden?

I can keep going on and on, just lost honestly, I think I've read too much and not sure how to proceed. At this point, what I'd REALLY prefer is a GOOD link with a tutorial if anyone has those resources.


2 answers

  • dongsheng8158 2012-10-24 20:41

    You need to generate a secure random salt value when the user signs up, and store that salt in the database.

    When the user logs in, fetch the salt and hash from the database, compute the hash of the password they typed using the original salt, and make sure the hash matches.

    Also, don't use general-purpose hash algorithms (such as MD5 or SHA*); instead, use dedicated slow password-hashing algorithms, such as bcrypt or scrypt or PBKDFv2.

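The signup/login flow this answer describes, written out in PHP as an added example (it is not code from the question or the answer). It uses crypt() with the bcrypt scheme ("$2y$", available from PHP 5.3.7), generates the salt from a CSPRNG, and stores only the 60-character crypt() output, which already embeds the scheme, cost and salt. The $users array is a hypothetical in-memory stand-in for a database table, and the sample credentials are constructed.

```php
<?php
// Added example, not from the original post: signup/login with crypt() + bcrypt.
// $users is a hypothetical in-memory stand-in for a database table.

// Build a bcrypt salt string for crypt(): "$2y$" + 2-digit cost + "$" + 22
// characters from bcrypt's alphabet [./0-9A-Za-z], filled from a CSPRNG.
function make_bcrypt_salt($cost = 12) {
    $raw = function_exists('random_bytes')
        ? random_bytes(16)                        // PHP 7+
        : openssl_random_pseudo_bytes(16);        // PHP 5.3+
    // base64 of 16 bytes is 24 chars ending in "=="; keep 22 and map '+' to '.'
    $chars = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $chars);
}

// Signup: hash the password with a fresh random salt. The returned 60-char
// string contains the scheme, cost and salt, so storing it alone is enough;
// the salt does not need to be secret, only unique per user.
function register_user(array &$users, $username, $password) {
    $hash = crypt($password, make_bcrypt_salt());
    // crypt() returns a short failure marker if the scheme is unsupported.
    if (strlen($hash) !== 60 || strpos($hash, '$2y$') !== 0) {
        throw new RuntimeException('bcrypt not available or crypt() failed');
    }
    $users[$username] = $hash;
}

// Constant-time string comparison (hash_equals() exists from PHP 5.6).
function same_string($a, $b) {
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Login: re-hash the submitted password with the salt taken from the stored
// hash (crypt() reads the "$2y$cost$salt" prefix itself) and compare.
function check_login(array $users, $username, $password) {
    if (!isset($users[$username])) {
        // Hash anyway so an unknown username does not return measurably faster.
        crypt($password, make_bcrypt_salt());
        return false;
    }
    $stored = $users[$username];
    return same_string(crypt($password, $stored), $stored);
}

// Usage with constructed sample data.
$users = array();
register_user($users, 'alice', 'correct horse battery staple');
var_dump(check_login($users, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, 'alice', 'wrong password'));
var_dump(check_login($users, 'bob', 'anything'));
```

Because the stored string carries its own salt, the login step never needs a separate salt column: passing the stored hash back to crypt() as the salt argument reproduces the original salt and cost. On PHP 5.5 and later, password_hash() and password_verify() wrap exactly this flow, including salt generation and the constant-time comparison.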
