RANGER
Reputation: 1691
Salting a password with a "joined" datetime
I've seen this information in other articles but most were salting with a known value (like a username). Is salting a password with the joined datetime (or an MD5 of the joined datetime) a secure way of further securing credentials if the joined data is not exposed anywhere in the site?
Thanks in advance!
Upvotes: 1
Views: 410
Answers (2)
clusterBuddy
Reputation: 1554
I actually did something like this:
$password = mysqli_real_escape_string($connect, $_POST['password']);
$salt_shaker = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$salted = $password.$salt_shaker;
Upvotes: 0
TaylorOtwell
Reputation: 7337
Salt with a truly random salt instead. Guessing a date based salt seems a little too easy, especially if someone is aware how long the person has been a member of the site.
You could do something like:
$salt = substr(sha1(uniqid(mt_rand(), true)), 0, 16);
Upvotes: 8
Related Questions
- PHP Login with salt+encryption
- PHP hashed & salted password
- Is time() a good salt?
- hashing password with salt
- Am I going the right way to make login system secure with this simple password salting?
- password salt storing
- PHP best way to salt a password in our time
- php salt authentication
- Authenticate a user login with salt
- php secure login