TalkPHP - View Single Post

adamdecaf · 08-26-2009, 11:38 PM

I've been wondering this for a while.

The longer the salt the better, right?
What is the best way to use a salt?**

** -
Which way would be best?

PHP Code:


			
$pw = $_POST['pass'];

$salt = gen_salt(16); // Function to create a random string of [a-zA-Z0-9{Plus symbols}].

$salt_big = gen_salt(32);



// First

$pass = sha1($salt . $pw . $salt);



// Second

$pass = sha1(substr($salt, 0, 8) . $pw . substr($salt, 9, 8));



// Third

$pass = sha1($salt_big . $pw . $salt_big);



// Fourth

$pass = sha1(substr($salt_big, 0, 16) . $pw . substr($salt_big, 17, 16));



// Fifth

// Note, $mcyrpt would be a class that has the mcrypt() encryptions.

$pass = sha1($salt . $mcrypt->blowfish($pw) . $salt);

$pass = sha1($mcrypt->blowfish($salt) . $mcrypt->blowfish($pw) . $mcrypt->blowfish($salt));

Or is there some even better way?

08-26-2009, 11:38 PM	#1 (permalink)
adamdecaf The Addict Join Date: May 2009 Posts: 287 Thanks: 5	Best way to use salts? I've been wondering this for a while. The longer the salt the better, right? What is the best way to use a salt? - Which way would be best? PHP Code: $pw = $_POST['pass']; $salt = gen_salt(16); // Function to create a random string of [a-zA-Z0-9{Plus symbols}]. $salt_big = gen_salt(32); // First $pass = sha1($salt . $pw . $salt); // Second $pass = sha1(substr($salt, 0, 8) . $pw . substr($salt, 9, 8)); // Third $pass = sha1($salt_big . $pw . $salt_big); // Fourth $pass = sha1(substr($salt_big, 0, 16) . $pw . substr($salt_big, 17, 16)); // Fifth // Note, $mcyrpt would be a class that has the mcrypt() encryptions. $pass = sha1($salt . $mcrypt->blowfish($pw) . $salt); $pass = sha1($mcrypt->blowfish($salt) . $mcrypt->blowfish($pw) . $mcrypt->blowfish($salt)); Or is there some even better way? __________________ My Site