i am trying to append a randomly generated salt along with my md5 generated password. So how can we recheck the salted password? DO we need to save salt along with the password in the Db. Is this a good approach.
$pass='password';
$salt = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), 0, 12);
echo md5($pass.$salt);
Also please tell me if this is the proper way of salting???
分享 The point of a salt is to avoid rainbow table attacks, or precomputed password hashes. In order to check the old password, you'll need to use the same salt you hashed it with, so you do need to store it, e.g. in the DB.
Md5 isn't a strong crypto hash, and you are probably best using bcrypt. There is a free PHP implementation http://www.openwall.com/phpass/.
That will have much stronger salting, and hashing.
分享
