
What is SALT and how do I use it?

Tags: php, salt

I have been searching around and I am still unsure of what a "salt" is and how to use/implement it. Sorry for the noobish question, I am self learning PHP.

Drewdin asked Apr 07 '11 16:04




1 Answer

I am definitely not an expert, but the really short answer is that "salting" a line of text means to stick a few extra characters on the end of it. You could salt "salt" with "abcdefg" to get "saltabcdefg". This might be useful if "salt" happens to be a password that you'd like to make more difficult to guess.

Typically, the password+salt are transformed ('hashed') by some difficult-to-reverse process into a completely different string. This transformed string is then stored as the password, together with the plaintext of the salt, and the original plain text of the password proper is tossed away. When you want to check that someone has input the correct password, you combine whatever they've typed in with the salt that's listed in the password file and then hash the result. If the result matches the password hash you have on record, then you know that they've put in the right password.

Implementing a salt can be as easy as picking a string to serve as the salt and then making sure you keep track of it. But, you could vary the salt with each password, and then you'll have to have a way of keeping track of password+salt combinations as well as generating the variations. Of course, you'll probably also want to hash the password rather than saving the password's plain text, and so you'll have to pick a hash function. At this point, the problem has proceeded from salting proper to implementing a password security scheme.

For PHP, you might want to look at how some of the frameworks have implemented this. Two quick links, for CakePHP and Zend, respectively:

http://www.jotlab.com/2010/04/18/cakephp-rainbow-table-protection-behaviour/

http://www.zimuel.it/blog/2009/07/build-a-secure-login-with-zend-framework/

Approximately Linear answered Oct 10 '22 09:10
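The store-and-check flow described in the answer above, as an added PHP example that is not part of the original answer: a fresh random salt per password, the salt kept in plain text beside the hash, and verification by re-hashing what was typed with the stored salt. The function names `make_record` and `check_password`, the sample passwords, the use of PBKDF2-HMAC-SHA256 as the hash and the iteration count are assumptions made for illustration.

```php
<?php
// Added illustration; function names and sample passwords are constructed.
// Assumption: PBKDF2-HMAC-SHA256 stands in for the "difficult-to-reverse process".

const ITERATIONS = 600000; // assumed work factor; tune for your hardware

// Build the record to store: a fresh random salt plus the hash of password+salt.
function make_record(string $password): array
{
    $salt = random_bytes(16); // new salt for every password
    $hash = hash_pbkdf2('sha256', $password, $salt, ITERATIONS, 32, true);
    return [
        'salt' => bin2hex($salt), // kept in plain text next to the hash
        'hash' => bin2hex($hash), // the password itself is never stored
    ];
}

// Recombine the typed password with the stored salt and compare the hashes.
function check_password(string $typed, array $record): bool
{
    $salt = hex2bin($record['salt']);
    $hash = hash_pbkdf2('sha256', $typed, $salt, ITERATIONS, 32, true);
    return hash_equals(hex2bin($record['hash']), $hash); // constant-time compare
}

// Two users who happen to pick the same password get unrelated records,
// because each record carries its own salt.
$alice = make_record('correct horse');
$bob   = make_record('correct horse');

var_dump(check_password('correct horse', $alice)); // right password
var_dump(check_password('wrong guess', $alice));   // wrong password
var_dump($alice['hash'] === $bob['hash']);         // are the stored hashes equal?

// PHP's built-in functions do the same work: password_hash() generates the
// salt and embeds it, with the algorithm and cost, in the string it returns.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse', $stored));
var_dump(password_verify('wrong guess', $stored));
```

In application code the built-in `password_hash()` / `password_verify()` pair is the simpler choice, since it leaves no separate salt column to manage.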