09-20-2007, 09:53 AM   #1 (permalink)
Wildhoney

Working with Dynamic Cryptography Salts

In a previous article, which can be viewed here, I made it rather clear that cryptography salts are crucial when using MD5 or SHA1 algorithms. A salt prevents the stored hash string from being easily recognisable. In the article we also mentioned the two ways of going about salts: dynamically and statically.

Your members table would have the following columns:
  • id tinyint(8)
  • username varchar(16)
  • salt char(5)
  • password char(32)

You would generate a random salt when the user registers (see article on generating random strings - remember though that a salt does not need to be unique) and store it along with their personal credentials in the database. Upon user registration, you will want to compute the hash for the password field using the randomly generated salt and then store it.

Now when a user comes to log in you can issue the SQL statement shown below. This will take the salt from the row where the user name matches, and MD5 it along with the password they entered. It will then be checked against the hash string in the database.

Code:
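SELECT
	username
FROM
	members
WHERE
	-- 'example_user' is a placeholder for the submitted user name
	username = 'example_user'
	-- hash this row's salt together with the submitted password
	AND password = MD5(CONCAT(salt, 'buddha'))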
The above code is what you would use to log a user into your system. Simple!
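Added example, not part of the original post: the registration and login steps described in the post, run end to end in Python. It assumes SQLite in place of MySQL, with MD5() and CONCAT() registered as user functions so the post's WHERE expression works as written; the helper names and the sample accounts are constructed for illustration.

```python
import hashlib
import secrets
import sqlite3
import string

SALT_ALPHABET = string.ascii_letters + string.digits

def open_db():
    """In-memory stand-in for the members table (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    # Register MD5() and CONCAT() so the post's MySQL expression runs here.
    db.create_function("MD5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    db.create_function("CONCAT", 2, lambda a, b: a + b)
    db.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, "
        "username VARCHAR(16) UNIQUE, salt CHAR(5), password CHAR(32))")
    return db

def register(db, username, password):
    # A fresh random 5-character salt per user, stored beside the hash.
    salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(5))
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    db.execute(
        "INSERT INTO members (username, salt, password) VALUES (?, ?, ?)",
        (username, salt, digest))

def login(db, username, password):
    # Both values are bound parameters. The username condition picks whose
    # salt is used, so a password only matches its own account.
    row = db.execute(
        "SELECT username FROM members "
        "WHERE username = ? AND password = MD5(CONCAT(salt, ?))",
        (username, password)).fetchone()
    return row is not None

def stored_hash(db, username):
    row = db.execute(
        "SELECT password FROM members WHERE username = ?", (username,)).fetchone()
    return row[0]

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "buddha")    # constructed sample accounts
    register(db, "bob", "buddha")      # same password, different salt
    print(login(db, "alice", "buddha"), login(db, "alice", "wrong"))
    print(stored_hash(db, "alice") != stored_hash(db, "bob"))
```

Because each row has its own salt, the two accounts above store different hashes even though they share a password.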