
PHP Server Side Scripting Forum

    
Using a salt value
AimyThomas




msg:4505735
 4:09 am on Oct 9, 2012 (gmt 0)

Hi,

I've been reading up on using a salt value when creating a password to make it more secure. What I can't get my head round is: how do you remember this salt value?

I'm guessing that when a user logs in, to be able to compare the password entered with the one in the database, you would need to again add the salt value to the entered password.

Am I missing something really obvious?

Thanks in Advance

 

phranque




msg:4505844
 8:39 am on Oct 9, 2012 (gmt 0)

the salt is used to encrypt the password and then the salt is stored with the encrypted password so future attempts to authenticate will use the same salt to encrypt.
therefore you can never read the clear-text password in the database but you can match it if you know it.

swa66




msg:4505884
 11:41 am on Oct 9, 2012 (gmt 0)

A salt is added to prevent those laying their hands on your hashes from being able to see "hey, this one has the same salt as this one, so they have the same password" (likely a case of both using "password" as password). Or to avoid somebody having constructed the hashes of all known words in a dictionary (a so-called rainbow table), and hence being able to reverse all hashes from all weak passwords with a simple lookup.

Salt: make sure it is *random* (cryptographically random) and long. Just store it along with the hash.

user:
password

|
|
v

server:
concatenate password and salt (retrieved from database)
hash the above
verify with the stored hash


Upon password change: get a new random salt and hash the concatenation of the new password and the new salt. Store the new hash and the new salt.
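The flow described in this thread, as an added PHP example that is not part of any poster's message: the salt is generated at registration, stored next to the hash, and read back at login. The `$db` array, the function names and the choice of SHA-256 are assumptions made for illustration; the thread names no hash function.

```php
<?php
// Added example. $db stands in for a users table (hypothetical).
// Requires PHP 7+ for random_bytes().
$db = [];

// Registration and password change use the same routine:
// a fresh random salt every time, stored beside the hash.
function store_password(array &$db, string $user, string $password): void
{
    $salt = bin2hex(random_bytes(16));           // cryptographically random
    $hash = hash('sha256', $password . $salt);   // hash(password . salt), assumed SHA-256
    $db[$user] = ['salt' => $salt, 'hash' => $hash]; // the salt is not a secret
}

// Login: fetch the stored salt, redo the same computation, compare.
function check_password(array $db, string $user, string $password): bool
{
    if (!isset($db[$user])) {
        return false;
    }
    $candidate = hash('sha256', $password . $db[$user]['salt']);
    return hash_equals($db[$user]['hash'], $candidate); // constant-time comparison
}

// Two users pick the same password; each row gets its own salt.
store_password($db, 'alice', 'password');
store_password($db, 'bob', 'password');
var_dump($db['alice']['hash'] === $db['bob']['hash']); // do the stored hashes match?

var_dump(check_password($db, 'alice', 'password'));    // correct password
var_dump(check_password($db, 'alice', 'passw0rd'));    // wrong password

// Password change: new salt and new hash replace the old pair.
store_password($db, 'alice', 'correct horse');
var_dump(check_password($db, 'alice', 'password'));    // old password after the change

// PHP's built-in password_hash() generates the salt itself and embeds it
// in the returned string, so a single column holds salt and hash together.
$stored = password_hash('password', PASSWORD_DEFAULT);
var_dump($stored);
var_dump(password_verify('password', $stored));
```

`password_hash()` also uses a deliberately slow algorithm (bcrypt by default), which a single SHA-256 call does not provide.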

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved