Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts

    help with sha1 salt password

    Hello all

    confused

    I am generating a temp password with this

    PHP Code:
    $pwd mt_rand(10009999); 
    But I want to generate it with this function

    how do I assign $pwd to use this function???


    PHP Code:
    // Password and salt generation
    function PwdHash($pwd$salt null)
    {
        if (
    $salt === null)     {
            
    $salt substr(md5(uniqid(rand(), true)), 0SALT_LENGTH);
        }
        else     {
            
    $salt substr($salt0SALT_LENGTH);
        }
        return 
    $salt sha1($pwd $salt);




    Help welcomed and much appreciated:-)

    LT
    Last edited by low tech; 11-09-2010 at 09:06 AM.

  • #2
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,537
    Thanks
    45
    Thanked 259 Times in 256 Posts
    The biggest issue I see, if you don't know what the salt is (your first if condition), how can you ever compare something to that that generated password?

    Also, having the salt OUTSIDE the hash doesn't make much sense... the point of a salt is that it adds a layer of security, so even if someone knew what encryption method you were using and got the values of your passwords, they couldn't decode them accurately. If you put the salt outside the hash and someone grabs your passwords somehow, they'll see the first so many characters are always the same, and be able to decode much more easily.
    Last edited by Keleth; 11-09-2010 at 06:13 AM.

  • #3
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts
    Thanks Keleth

    I assumed that $salt was =(assigned null)

    PHP Code:
    function PwdHash($pwd$salt null
    I'm obviously wrong so

    I'll take another look

    LT
    Last edited by low tech; 11-09-2010 at 07:31 AM.

  • #4
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts
    Hi Keleth

    Its ok I think I've worked it out

    what you said made me realise I didn't have the whole picture

    Thanks

    LT
    Last edited by low tech; 11-09-2010 at 07:30 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •