salt

I've been using PHP's crypt() as a way to store and verify passwords in my database. I use hashing for other things, but crypt() for passwords. The documentation isn't that good and there seems to be a lot of debate. I'm using blowfish and two salts to crypt a password and store it in the database. Before I would store the salt and the encrypted password, (like a salted hash) but realized its redundant because the salt is part of the encrypted password string. I'm a little confused on how rainbow table attacks would work on crypt() , anyway does this look correct from a security standpoint. I

Is there a significance to the word "salt" for a password salt? micahwittman http://www.derkeiler.com/Newsgroups/comp.security.misc/2003-05/0154.html The use of the word "salt" is probably a reference to warfare in ancient times, when people would salt the wells or farmland to make it less hospitable. The Romans are sometimes supposed to have done this to Carthage in 146 BC. In the context of passwords, a "salted" password is harder to crack. Apparently, there's no strong evidence even for the original "salting" of Carthage ( http://en.wikipedia.org/wiki/Salting_the_earth ) claim, but an

I've made encrypting of the password in my register script and they are stored in the database, and I have to use them to login, so I would want to use the unencrypted ones to login. I've read some of the threads in here but nothing is helping me. How can I add it in my login.php? The salt is also stored in the database. This is my register.php script for encrypting $hash = hash('sha256', $password1); function createSalt() { $text = md5(uniqid(rand(), TRUE)); return substr($text, 0, 3); } $salt = createSalt(); $password = hash('sha256', $salt . $hash); and this is my login.php with season /

I want to implement a salt into my login system but am a bit confused on how this is supposed to work. I can't understand the logic behind it. I understand md5 is a one-way algorithm and all of the functions that I have come across seem to hash everything together. If this is the case, how does one get the password back out for comparison? My biggest question is, how is salting a users' password safer than just hashing the password? If a database was ever to be compromised, the hash along with the salt is in the database. Isn't this all that a hacker would need? I also found another post here

This question already has an answer here: Call to undefined function password_hash() in PHP 5.4 1 answer I developed my site using XAMPP with php 5.5 installed. I just realize that my host only has php 5.4 (cannot update to 5.5 yet). My problem is that I cannot use the new php 5.5 password_hash() feature. Is there an equivalent method for hashing with salt for php 5.4? Is there a way to get this equivalent code (below) to work in php 5.4? $options = [ 'salt' => uniqid(mt_rand(), true), 'cost' => 12 ]; $hash = password_hash($mypassword, PASSWORD_DEFAULT, $options); John Conde Use password

Possible Duplicate: Secure hash and salt for PHP passwords WARNING Don't use MD5 for passwords, use an alternative like bcrypt For my passwords should I use salt like this (the salt will be unique to each user and not stored directly with the password)... $salt = sha1(md5("coders gonna code")); $password = md5($salt.$password); or would it be okay if I just used: $password = md5($password); because if I used salt, even if the user makes up a bad password like password it won't matter because the salt (in this case) would be 145ac26ff093c6e1317f7d5fb4c9fd11c77be975 so the entry for there