Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

What is SALT in crypt function?

Posted on 2004-09-18
5
653 Views
Last Modified: 2012-05-05
What is SALT and what are it's uses?
0
Comment
Question by:chilled2003
  • 2
  • 2
5 Comments
 
LVL 36

Expert Comment

by:Zyloch
ID: 12090803
Hi chilled2003,

A salt is a random string that you can use with crypt to make it more secure. If you don't include it, PHP will automatically generate a two character salt. However, you can do it yourself, for instance, using microtime() to make the salt--this way, it'll be harder to break.

Regards,
Zyloch
0
 

Author Comment

by:chilled2003
ID: 12090815
yeah but how does it make it more secure?  I read somewhere that one uses a random salt so the result is diff everytime.  that sounded good but wouldnt you need the same salt to unencrypt it?  
0
 
LVL 48

Assisted Solution

by:hernst42
hernst42 earned 25 total points
ID: 12090835
The random salts are used so the same password does not look the same.
The salt is prepended to the crypted password so can get the salt by takeing the first two characters.

So if an attacker get al list of salted password and want to crack the password he must do that with ervery salt-combination.
0
 
LVL 36

Accepted Solution

by:
Zyloch earned 50 total points
ID: 12090844
Mainly, the salt is used to make it more difficult for the person to get the password. crypt() is supposedly a one-way function, meaning you can't decrypt. However, the person can still guess the password, but with a different salt, it's extremely difficult. I correct myself, you don't want microtime() as a salt because it changes. You set something as the salt, then you can use crypt again with that salt to get the same value. A standard example is password checking. The user enters their password, you use crypt with a salt on it and store it in the database. The next time they login, you take their entered password, do crypt with the same salt, and compare it. This way, the password stays secure as even if they get the database version, they can't find the true password.

(You might also want to use SHA1 or MD5 for this as crypt() isn't as secure)
0
 

Author Comment

by:chilled2003
ID: 12090859
Thanks a lot for all the info.  Helps a lot.  :D
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question