Solved

What is SALT in crypt function?

Posted on 2004-09-18
5
650 Views
Last Modified: 2012-05-05
What is SALT and what are it's uses?
0
Comment
Question by:chilled2003
  • 2
  • 2
5 Comments
 
LVL 36

Expert Comment

by:Zyloch
ID: 12090803
Hi chilled2003,

A salt is a random string that you can use with crypt to make it more secure. If you don't include it, PHP will automatically generate a two character salt. However, you can do it yourself, for instance, using microtime() to make the salt--this way, it'll be harder to break.

Regards,
Zyloch
0
 

Author Comment

by:chilled2003
ID: 12090815
yeah but how does it make it more secure?  I read somewhere that one uses a random salt so the result is diff everytime.  that sounded good but wouldnt you need the same salt to unencrypt it?  
0
 
LVL 48

Assisted Solution

by:hernst42
hernst42 earned 25 total points
ID: 12090835
The random salts are used so the same password does not look the same.
The salt is prepended to the crypted password so can get the salt by takeing the first two characters.

So if an attacker get al list of salted password and want to crack the password he must do that with ervery salt-combination.
0
 
LVL 36

Accepted Solution

by:
Zyloch earned 50 total points
ID: 12090844
Mainly, the salt is used to make it more difficult for the person to get the password. crypt() is supposedly a one-way function, meaning you can't decrypt. However, the person can still guess the password, but with a different salt, it's extremely difficult. I correct myself, you don't want microtime() as a salt because it changes. You set something as the salt, then you can use crypt again with that salt to get the same value. A standard example is password checking. The user enters their password, you use crypt with a salt on it and store it in the database. The next time they login, you take their entered password, do crypt with the same salt, and compare it. This way, the password stays secure as even if they get the database version, they can't find the true password.

(You might also want to use SHA1 or MD5 for this as crypt() isn't as secure)
0
 

Author Comment

by:chilled2003
ID: 12090859
Thanks a lot for all the info.  Helps a lot.  :D
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
This article discusses four methods for overlaying images in a container on a web page
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question