andoneknight
asked on
Password Salt
I am making a database with user information in it. My question is: when adding a salt, it should be unique/random (in every example I see substr(uniqid... etc)), but could you just use a salt which is a substr of the MD5 hash of the password itself? Also, the whole idea of hacking the passwords is all good, but the literature on it seems to be talking about using rainbow tables on the list of passwords. But if the hacker has hacked into the server to get the list of passwords, then those passwords would also be in the same database as the user information, so he would also have that anyway, surely, so wouldn't want the passwords? (Notice below using md5 and sha1 combo - does this increase security?) Viz:
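// Excerpt from a class: both functions are methods and are called through $this.
function validateLogin($user, $pass)
{
    $sqlSafeUser = $this->makeSafe($user);
    $sqlSafePass = $this->makeSafe($pass);
    $hashpass = $this->getHashPass($sqlSafePass);
    //more code
}

function getHashPass($string)
{
    // strlen() gives the password length; count() is for arrays
    $passLength = strlen($string);
    // "Salt" taken from the MD5 of the password itself, starting at offset $passLength
    $salt = substr(md5($string), $passLength, 32);
    $hashedPass = sha1("/?3" . $salt . "$%^" . $string);
    return $hashedPass;
}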
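The point the question raises, as an added example (not the asker's code and not part of any answer): a salt computed from the password makes the stored value depend on the password alone, so equal passwords give equal rows, whereas PHP's password_hash() generates a random salt on every call. The account names and passwords are constructed sample data, and derivedSaltHash is a hypothetical name for the question's getHashPass with strlen() in place of count().

```php
<?php
// Scheme from the question: the "salt" is a function of the password,
// so the stored value depends on the password and nothing else.
function derivedSaltHash(string $pass): string
{
    $salt = substr(md5($pass), strlen($pass), 32);
    return sha1('/?3' . $salt . '$%^' . $pass);
}

// Constructed sample accounts; alice and carol share a password.
$users = [
    'alice' => 'correct horse',
    'bob'   => 'tr0ub4dor&3',
    'carol' => 'correct horse',
];

echo "Password-derived salt:\n";
$derived = [];
foreach ($users as $name => $pass) {
    $derived[$name] = derivedSaltHash($pass);
    echo "  $name  {$derived[$name]}\n";
}
// Same password, same stored value: one guess is checked against every row,
// and a table precomputed for this function applies to any copy of the data.
echo "  alice and carol identical: ";
var_dump($derived['alice'] === $derived['carol']);

echo "password_hash() with its built-in random salt:\n";
$stored = [];
foreach ($users as $name => $pass) {
    // The algorithm, cost and salt are embedded in the returned string.
    $stored[$name] = password_hash($pass, PASSWORD_DEFAULT);
    echo "  $name  {$stored[$name]}\n";
}
echo "  alice and carol identical: ";
var_dump($stored['alice'] === $stored['carol']);

// Verification re-reads the salt from the stored string.
echo "  correct password verifies: ";
var_dump(password_verify('correct horse', $stored['carol']));
echo "  wrong password verifies: ";
var_dump(password_verify('wrong guess', $stored['carol']));
```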