Does this look like a safe salt to use with a password? Any improvements or suggestions or obvious flaws?
$salt = '';
for ($i = 0; $i < 50; $i++) {
    // append one printable ASCII character (codes 33..126) per iteration;
    // rand() is PHP's general-purpose PRNG, not a cryptographic one
    $salt .= chr(rand(33, 126));
}
You don't need to make salts really long and it's not important that they be cryptographically secure. The point of salts is simply to make rainbow table attacks harder as you no longer have a 1-to-1 mapping between passwords and hashes. (They also keep administrators with wandering eyes from seeing 482c811da5d5b4bc6d497ffa98491e38 in the database and then knowing Joe's password is "password123".)
Even a 4-byte salt would be more than sufficient as you'd now have 2^32 ≈ 4 billion potential hashes for any password.
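As an added example (not code from the question or the answer above), here is how the salt-per-password idea from the answer is usually put into practice in PHP: the salt comes from random_bytes(), it is stored next to the hash, and the hash itself is a slow KDF so that each (salt, password) pair is expensive to brute force. The function names makeSalt, hashPassword, storeRecord and verify are my own.

```php
<?php
// Added example, not from the original post: salted password storage in PHP.

// Salt from the OS CSPRNG (random_bytes, PHP 7+) rather than rand().
// 16 bytes is far more than the 4 bytes the answer calls sufficient.
function makeSalt(int $bytes = 16): string {
    return random_bytes($bytes);
}

// PBKDF2-SHA256: a deliberately slow hash, so guessing stays expensive
// even once the attacker knows the salt.
function hashPassword(string $password, string $salt, int $iterations = 100000): string {
    return hash_pbkdf2('sha256', $password, $salt, $iterations, 0, true);
}

// Keep salt and hash together; both are needed to check a login later.
function storeRecord(string $password): string {
    $salt = makeSalt();
    $hash = hashPassword($password, $salt);
    return bin2hex($salt) . ':' . bin2hex($hash);
}

// Re-derive the hash with the stored salt and compare in constant time.
function verify(string $password, string $record): bool {
    [$saltHex, $hashHex] = explode(':', $record, 2);
    $salt = hex2bin($saltHex);
    $expected = hex2bin($hashHex);
    return hash_equals($expected, hashPassword($password, $salt));
}

// Demonstration: the same password stored twice yields two different
// records, so a table precomputed from passwords alone no longer matches
// either of them, and "password123" is no longer recognisable by its hash.
$a = storeRecord('password123');
$b = storeRecord('password123');
var_dump($a !== $b);
var_dump(verify('password123', $a));
var_dump(verify('password124', $a));

// The simplest correct option: password_hash() generates its own salt and
// encodes it into the result, and password_verify() reads it back.
$record = password_hash('password123', PASSWORD_DEFAULT);
var_dump(password_verify('password123', $record));
```

If you only need the result, password_hash()/password_verify() alone are enough; the hand-rolled functions are here to show where the salt lives and why two users with the same password end up with different stored values.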