php - is this ok? salting


Hey, I want to get your input on this.

I use this to generate unique salts for each of my users when they register (random letters and numbers). How big is the opportunity that salts will be ready?

  uniqid(mt_rand());

Then I hash the salt, password and email (in that order) with MD5 to use as the password, and again when they log in.

  md5($salt . $password . $email);

How safe is this compared to just MD5? Can I do anything better?

  CREATE TABLE IF NOT EXISTS `users` (
    `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    `username` varchar(24) character set utf8 NOT NULL,
    `password` varchar(32) character set utf8 NOT NULL,
    `email` varchar(255) character set utf8 NOT NULL,
    `salt` varchar(255) character set utf8 NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY `username` (`username`),
    UNIQUE KEY `email` (`email`)
  ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;

I would not use the email address in the password hash. If a person changes his email address, the hash becomes invalid, so you would have to change your password every time you change your email address. I usually use one salt per user and one salt per application (fixed for all users). That way an attacker will need access to both your application and your user database to gain access.

  $hash = md5($per_user_salt . $password . $app_salt);
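The following PHP sketch is an added example, not part of the original question or answer. It shows a login check that still accepts rows stored with the question's md5($salt . $password . $email) scheme and replaces them with a value from PHP's built-in password_hash() on the next successful login; the function names, row layout and sample values are constructed for illustration.

```php
<?php
// Added example; function names and sample values are constructed.

// The question's scheme: MD5 over salt, password and email, in that order.
function legacy_hash(string $salt, string $password, string $email): string
{
    return md5($salt . $password . $email);
}

// Check a login against a row shaped like the page's table (password, salt,
// email). Returns the row to store afterwards, or null on a wrong password.
function login(array $row, string $password): ?array
{
    if (strlen($row['password']) === 32 && ctype_xdigit($row['password'])) {
        // Legacy row: recompute the MD5 and compare in constant time.
        $candidate = legacy_hash($row['salt'], $password, $row['email']);
        if (!hash_equals($row['password'], $candidate)) {
            return null;
        }
        // Upgrade: password_hash() embeds its own random salt; its output needs
        // a wider column than the page's varchar(32) (PHP manual suggests 255).
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
        $row['salt'] = '';
        return $row;
    }
    if (!password_verify($password, $row['password'])) {
        return null;
    }
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $row;
}

// Constructed sample user, stored with the question's scheme.
$salt = uniqid((string) mt_rand());
$row = [
    'email'    => 'alice@example.com',
    'salt'     => $salt,
    'password' => legacy_hash($salt, 's3cret-pw', 'alice@example.com'),
];

// Same password after an e-mail change: the legacy hash no longer matches.
var_dump(login(['email' => 'alice@example.org'] + $row, 's3cret-pw'));

// Unchanged row: login succeeds and the stored value is a password_hash() string.
$upgraded = login($row, 's3cret-pw');
var_dump(password_verify('s3cret-pw', $upgraded['password']));
var_dump(login($upgraded, 'wrong-pw'));
```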
