Password encription? (Salt)

[eluser]Rodrigo Graça[/eluser]
I know that I could use a simple md5 or sha1 but I do not like that!


So I normally store the passwords like this:

$salt = "a9fsd68hff6525sf840'd2904af8bf8246e7aa3387c";
$this->db->where('password', sha1(($this->input->post('pwd')) . $salt));

By other words I store a sha1 hash of the password with some salt ("random" characters).

My problem is that I need to create the $salt variable each time that I need to use it.

So I want to know how can I improve my code?
Creating a config? $config['salt'] ='a9fsd68hff6525sf840'd2904af8bf8246e7aa3387c';

Can I / Should I use the encryption key? ( $config['encryption_key'] )

There are any other way? How do you do it?

Thanks to everybody!

[eluser]solid9[/eluser]
Have you tried random() in PHP ?

Yes you can use $config['encryption_key'] for encryption.

[eluser]Rodrigo Graça[/eluser]
Random();

or rand(); ?

Something like rand(2, 5); ? for what? i want to use always the same "salt"! (If i do not use the same it will not work)

Are you confused because i used the word "random" ?

Thanks!

[eluser]LuckyFella73[/eluser]
You can use a random salt - you just have to store it
you db table too. Here is a post that might help you:

http://ellislab.com/forums/viewthread/205169/

[eluser]Aken[/eluser]
Use a better password hasher - sha1() is not all that secure. https://github.com/segersjens/CodeIgnite...ss-Library