After reading about salts and password hashing I'd like to implement a simple version for an admin area to a site I'm building.
If you have any good links with code that have
The code is simple, and Dan Heberden has already provided it.
a salt is simply a piece of text that you append or prepend to a password before generating a hash. eg, if your password is 'password' and the salt is 'salt' then the hash will be hashFunction('saltpassword') instead of hashFunction('password').
salts are generally used to avoid rainbow password cracks - this is where a large list of passwords and their hashes are checked against the hashed password. eg in the above example, say there is a hash 123456 which corresponds to hashFunction('password'), if the attacker knows your hash is 123456 then they know your password is 'password'.
your salt should be a random string of letters and numbers - eg kjah!!sdf986. it's very very unlikely for someone to have a rainbow table including kjah!!sdf986password so even if someone gets your hashed password then it's kinda useless.
however, you obviously need to use the same salt every time, or at least store the salt as well as the password. because if you pick a random salt every time chances are your hashed salt+password will not be the same :D
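A worked version of what the answer describes, added here as an example and not code from the answer or the question's site: a random per-user salt is generated, stored alongside the hash, and reused at login; the hash function is PBKDF2-HMAC-SHA256 (my choice, standard library only) rather than a bare hash, and the storage format `salt$hash` and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256 (assumed value; raise it as hardware allows).
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the string to store for this user: '<salt hex>$<hash hex>'.

    A fresh random salt is drawn unless one is supplied (supplying one is only
    useful for tests). The salt is not secret; it is stored next to the hash so
    the same salt can be used again when the user logs in.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate password with the stored salt and compare.

    compare_digest avoids leaking where the two hashes first differ via timing.
    """
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_distinct_hashes(password: str) -> bool:
    """Two users with the same password get different stored hashes, which is the
    property that defeats a precomputed (rainbow) table."""
    a = hash_password(password)
    b = hash_password(password)
    return a.split("$", 1)[1] != b.split("$", 1)[1]


if __name__ == "__main__":
    record = hash_password("password")  # constructed sample password
    print("stored:", record)
    print("login with right password:", verify_password("password", record))
    print("login with wrong password:", verify_password("Password", record))
    print("two users, same password, different hashes:", same_password_distinct_hashes("password"))
```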