
Outer 08-11-2005 11:28 AM

Adding a SALT to your passwords
 
Well, adding SALTs to your passwords is basically an added security type of thing.

Usually people just add them to the back or front of the string or something of the sort. I broke up the password and salt and put them "side" of each other basically.

This script breaks up the 32-bit md5 password, adds a random SALT to it if you don't already have a SALT, then combines them and returns a 64-bit virtually unbreakable password (ofc anything can be broken, that's why I said "virtually" :P)

PHP Code:
<?php
function add_salt($password, $salt = FALSE)
{
    // The number of characters you want in each piece of the array
    $char_num = 4;

    // The $password variable MUST be md5 BEFORE it is run through the script
    // This splits the string into arrays of 4 characters
    $string = str_split($password, $char_num);

    if ($salt == FALSE)
    {
        // Create your own SALT
        // We use MD5 on this method also to make sure its 32 characters
        // This also makes it EXTREMELY harder to guess!
        $salt = md5(uniqid(rand(), true));
    }

    // Now that the SALT is set or was already set, we can now divide the salt and
    // start alternating entering the data
    $salt = str_split($salt, $char_num);

    $i = 0; // set it for the SALT identifier

    foreach ($string AS $part)
    {
        $final_password[] = $part.$salt[$i];
        $i++;
    }

    return implode($final_password);
}

$password = add_salt(md5("This is a password"));
echo $password;

?>


When using this with a DB, just add a field in the users table named SALT and insert the SALT when it is created. You will need to add some kind of user identifier with that also.

Amnezia 08-11-2005 12:26 PM

very nice post! thanks for sharing

allabout42 12-07-2005 10:22 PM

Hmmm, this code script can be useful, thanks!

axilant 12-07-2005 10:29 PM

Before anyone goes and tries this, the function str_split() requires php5.

http://us2.php.net/str_split

PHP Code:
if (!function_exists('str_split')) {
    function str_split($string, $split_length = 1) {

        if ($split_length < 1) {
            return false;
        }

        for ($pos = 0, $chunks = array(); $pos < strlen($string); $pos += $split_length) {
            $chunks[] = substr($string, $pos, $split_length);
        }
        return $chunks;
    }
}

(first post on php.net documentation for str_split)

Just add that to your file before you go and use this on versions of php below 5.

Nice post :)

Cody

snareklutz 12-08-2005 02:57 AM

So why not just do

PHP Code:
$password = md5(sometext.$password);

Joe 12-08-2005 09:52 AM

Originally Posted by axilant
Before anyone goes and tries this, the function str_split() requires php5.

http://us2.php.net/str_split

PHP Code:
if (!function_exists('str_split')) {
    function str_split($string, $split_length = 1) {

        if ($split_length < 1) {
            return false;
        }

        for ($pos = 0, $chunks = array(); $pos < strlen($string); $pos += $split_length) {
            $chunks[] = substr($string, $pos, $split_length);
        }
        return $chunks;
    }
}

(first post on php.net documentation for str_split)

Just add that to your file before you go and use this on versions of php below 5.

Nice post :)

Cody



cool, thanks for mentioning that!

.:Mammoth261:. 12-09-2005 08:42 AM

Nice work, I'll check it out, maybe use it soon for some things I will be working on :p

skrilla 12-09-2005 09:06 AM

very nice.. thank you :)

iNod 12-09-2005 12:46 PM

Originally Posted by snareklutz
So why not just do

PHP Code:
$password = md5(sometext.$password);



PHP Code:
$password = md5("sometext".$password);


SALT is random characters. You can do that if you want.

iNod.

theparrot 12-09-2005 04:16 PM

Originally Posted by Outer
Well, adding SALT's to your passwords are basically an added security type of thi

if you don't already have a SALT, then combines them and returns a 64-bit virtually unbreakable password (ofc anything can be broken, that's why I said "virtually" :P)



A salt does not make a password more unbreakable, it reduces the damage when one is broken as you can't reuse the same attack vectors on multiple passwords at the same time.

Also, md5 should no longer be used.
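
Added example, not part of any post in this thread: it restates the add_salt() interleaving from the first post and checks what the stored value contains, then contrasts it with PHP's built-in password_hash(), where the salt is an input to the hash. The helper split_stored() and the sample password are constructed for this illustration.

```php
<?php
// add_salt() restates the original post's interleaving (4-character pieces).
function add_salt($password_md5, $salt = false)
{
    if ($salt === false) {
        $salt = md5(uniqid(rand(), true));
    }
    $salt_parts = str_split($salt, 4);
    $out = '';
    foreach (str_split($password_md5, 4) as $i => $part) {
        $out .= $part . $salt_parts[$i];
    }
    return $out;
}

// Hypothetical helper: undo the interleaving of a 64-character stored value.
function split_stored($stored)
{
    $hash = '';
    $salt = '';
    foreach (str_split($stored, 8) as $chunk) {
        $hash .= substr($chunk, 0, 4); // piece of md5(password)
        $salt .= substr($chunk, 4, 4); // piece of the salt
    }
    return array('hash' => $hash, 'salt' => $salt);
}

// Constructed sample: two accounts that chose the same password.
$plain = 'This is a password';
$alice = split_stored(add_salt(md5($plain)));
$bob   = split_stored(add_salt(md5($plain)));

// The salt is placed beside the md5 pieces, never hashed together with the
// password, so these comparisons show what each stored row really holds.
printf("salts differ:          %s\n", var_export($alice['salt'] !== $bob['salt'], true));
printf("embedded hashes match: %s\n", var_export($alice['hash'] === $bob['hash'], true));
printf("hash is unsalted md5:  %s\n", var_export($alice['hash'] === md5($plain), true));

// password_hash() (PHP 5.5+) feeds a random salt into the hash computation
// and stores it inside the returned string; password_verify() reads it back.
$h1 = password_hash($plain, PASSWORD_DEFAULT);
$h2 = password_hash($plain, PASSWORD_DEFAULT);
printf("password_hash differs: %s\n", var_export($h1 !== $h2, true));
printf("both verify:           %s\n", var_export(
    password_verify($plain, $h1) && password_verify($plain, $h2), true));
```

Because the interleaved value still carries the plain md5 of the password, two accounts with the same password share the same embedded hash, which is the reuse the salt was meant to prevent.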

maples 12-09-2005 04:24 PM

that's very useful. thank you

Immersion 12-12-2005 11:59 AM

thanks, I might try that. Now I just need to work out all about functions.

axilant 12-12-2005 01:49 PM

Originally Posted by theparrot
A salt does not make a password more unbreakable, it reduces the damage when one is broken as you can't reuse the same attack vectors on multiple passwords at the same time.

Also, md5 should no longer be used.




Agreed. md5 can be cracked. Yep. It can be.

I suggest you all start using sha1 or sha2
http://php.net/sha1


All times are GMT -7. The time now is 09:53 PM.