Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 672
  • Last Modified:

What is SALT in crypt function?

What is SALT and what are it's uses?
0
chilled2003
Asked:
chilled2003
  • 2
  • 2
2 Solutions
 
ZylochCommented:
Hi chilled2003,

A salt is a random string that you can use with crypt to make it more secure. If you don't include it, PHP will automatically generate a two character salt. However, you can do it yourself, for instance, using microtime() to make the salt--this way, it'll be harder to break.

Regards,
Zyloch
0
 
chilled2003Author Commented:
yeah but how does it make it more secure?  I read somewhere that one uses a random salt so the result is diff everytime.  that sounded good but wouldnt you need the same salt to unencrypt it?  
0
 
hernst42Commented:
The random salts are used so the same password does not look the same.
The salt is prepended to the crypted password so can get the salt by takeing the first two characters.

So if an attacker get al list of salted password and want to crack the password he must do that with ervery salt-combination.
0
 
ZylochCommented:
Mainly, the salt is used to make it more difficult for the person to get the password. crypt() is supposedly a one-way function, meaning you can't decrypt. However, the person can still guess the password, but with a different salt, it's extremely difficult. I correct myself, you don't want microtime() as a salt because it changes. You set something as the salt, then you can use crypt again with that salt to get the same value. A standard example is password checking. The user enters their password, you use crypt with a salt on it and store it in the database. The next time they login, you take their entered password, do crypt with the same salt, and compare it. This way, the password stays secure as even if they get the database version, they can't find the true password.

(You might also want to use SHA1 or MD5 for this as crypt() isn't as secure)
0
 
chilled2003Author Commented:
Thanks a lot for all the info.  Helps a lot.  :D
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now