How to generate a random, long salt for use in hashing?

Question

What is a way in PHP to make a random, variable length salt for use in hashing? Let\'s say I want to make a 16-character long salt - how would I do it?

Answer 1

There are two prerequisites for a good salt: It must be long, and it must be random. There are many ways to accomplish this. You could use a combination of microtime and rand, for example, but you might go to even greater lengths to ensure that your salt is unique.

While the chance of a collision is neglible, keep in mind that hashing your salt with MD5 or other collision-prone algorithms will reduce the chance that your salt is unique for no reason.

EDIT: Substitute rand() for mt_rand(). As Michael noted, it's better than rand.