What is a way in PHP to make a random, variable length salt for use in hashing? Let's say I want to make a 16-character long salt - how would I do it?
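Depending on your OS, something like:
// Open the kernel's random source in binary mode (Unix-like systems only).
$fh = fopen('/dev/urandom', 'rb');
// fread() is binary-safe; a line-oriented read would stop early at a newline byte.
$salt = fread($fh, 16);
fclose($fh);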
Do read up on the behaviour of random and urandom.
While others have correctly pointed out that there are some issues with md5 and repeated hashing, for passwords (i.e. relatively short strings) brute force attacks take the same amount of time regardless of how sophisticated the hashing algorithm is.
C.
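An added example, not part of the original answer: one way to get a salt of exactly 16 printable characters, since raw bytes from /dev/urandom are not printable text. The function names `urandom_bytes` and `make_salt` are hypothetical; the code assumes PHP 7 or later, and the `/dev/urandom` path assumes a Unix-like system.

```php
<?php
// Added example, not code from the original answer. Function names are hypothetical.

// Read exactly $n bytes from /dev/urandom (Unix-like systems only).
function urandom_bytes(int $n): string
{
    $fh = @fopen('/dev/urandom', 'rb');
    if ($fh === false) {
        throw new RuntimeException('/dev/urandom is not available');
    }
    // Without this PHP fills its whole read buffer for a 16-byte request.
    stream_set_read_buffer($fh, 0);
    $buf = '';
    // fread() is binary-safe but may return fewer bytes than asked for, so loop.
    while (strlen($buf) < $n) {
        $chunk = fread($fh, $n - strlen($buf));
        if ($chunk === false || $chunk === '') {
            fclose($fh);
            throw new RuntimeException('short read from /dev/urandom');
        }
        $buf .= $chunk;
    }
    fclose($fh);
    return $buf;
}

// Return a salt of exactly $chars printable (hex) characters.
function make_salt(int $chars = 16, bool $useDevice = false): string
{
    if ($chars < 1) {
        throw new InvalidArgumentException('salt length must be at least 1');
    }
    $nbytes = intdiv($chars + 1, 2);   // two hex characters per random byte
    // random_bytes() (PHP 7+) uses the OS CSPRNG on every platform.
    $raw = $useDevice ? urandom_bytes($nbytes) : random_bytes($nbytes);
    return substr(bin2hex($raw), 0, $chars);
}

// Demonstration: both sources give the requested length, and salts differ per call.
foreach ([16, 7, 32] as $len) {
    $a = make_salt($len);
    $b = make_salt($len, true);
    printf("%2d chars: %s  %s\n", $len, $a, $b);
    assert(strlen($a) === $len && strlen($b) === $len && $a !== $b);
}
```

A 16-character hex salt carries 64 bits of randomness; store it alongside the hash it was used for.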