Password encription? (Salt) |
[eluser]Rodrigo Graça[/eluser]
I know that I could use a simple md5 or sha1 but I do not like that! So I normally store the passwords like this: $salt = "a9fsd68hff6525sf840'd2904af8bf8246e7aa3387c"; $this->db->where('password', sha1(($this->input->post('pwd')) . $salt)); By other words I store a sha1 hash of the password with some salt ("random" characters). My problem is that I need to create the $salt variable each time that I need to use it. So I want to know how can I improve my code? Creating a config? $config['salt'] ='a9fsd68hff6525sf840'd2904af8bf8246e7aa3387c'; Can I / Should I use the encryption key? ( $config['encryption_key'] ) There are any other way? How do you do it? Thanks to everybody!
[eluser]solid9[/eluser]
Have you tried random() in PHP ? Yes you can use $config['encryption_key'] for encryption.
[eluser]Rodrigo Graça[/eluser]
Random(); or rand(); ? Something like rand(2, 5); ? for what? i want to use always the same "salt"! (If i do not use the same it will not work) Are you confused because i used the word "random" ? Thanks!
[eluser]LuckyFella73[/eluser]
You can use a random salt - you just have to store it you db table too. Here is a post that might help you: http://ellislab.com/forums/viewthread/205169/
[eluser]Aken[/eluser]
Use a better password hasher - sha1() is not all that secure. https://github.com/segersjens/CodeIgnite...ss-Library |
Welcome Guest, Not a member yet? Register Sign In |