Resolved help with sha1 salt password

low tech
11-09-2010, 07:00 AM
Hello all


I am generating a temp password with this

$pwd = mt_rand(1000, 9999);

But I want to generate it with this function

How do I assign $pwd to use this function?

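// Password and salt generation (SALT_LENGTH is a constant defined elsewhere)
function PwdHash($pwd, $salt = null)
{
    if ($salt === null) {
        // No salt supplied: generate a new random one
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    } else {
        // Salt supplied: keep only its first SALT_LENGTH characters
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    // The salt is prepended to the SHA-1 digest of password + salt
    return $salt . sha1($pwd . $salt);
}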

Help welcomed and much appreciated:-)


11-09-2010, 07:11 AM
The biggest issue I see: if you don't know what the salt is (your first if condition), how can you ever compare something to that generated password?

Also, having the salt OUTSIDE the hash doesn't make much sense... the point of a salt is that it adds a layer of security, so even if someone knew what encryption method you were using and got the values of your passwords, they couldn't decode them accurately. If you put the salt outside the hash and someone grabs your passwords somehow, they'll see the first so many characters are always the same, and be able to decode much more easily.

low tech
11-09-2010, 07:17 AM
Thanks Keleth

I assumed that $salt was =(assigned null)

function PwdHash($pwd, $salt = null)

I'm obviously wrong so

I'll take another look


low tech
11-09-2010, 07:54 AM
Hi Keleth

It's OK, I think I've worked it out

what you said made me realise I didn't have the whole picture
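
Added example, not part of the original thread: how the function from the first post is used both to store a temporary password and to check one later. Because the salt is the first SALT_LENGTH characters of the returned string, passing the stored value back in as $salt reproduces the same hash. Assumptions not taken from the thread: SALT_LENGTH = 9, the helper name PwdVerify, and the closing comparison with PHP's built-in password_hash().

```php
<?php
// Assumption: the thread never shows the value of SALT_LENGTH.
define('SALT_LENGTH', 9);

// The function from the first post, with its braces restored.
function PwdHash($pwd, $salt = null)
{
    if ($salt === null) {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($pwd . $salt);
}

// Hypothetical helper: check a candidate password against a stored PwdHash() value.
function PwdVerify($candidate, $stored)
{
    // Handing the stored string to PwdHash() as $salt makes it reuse the
    // salt prefix, so the same password yields the same output.
    // hash_equals() compares in constant time (PHP 5.6+).
    return hash_equals($stored, PwdHash($candidate, $stored));
}

// Temporary password generated as in the first post.
// mt_rand(1000, 9999) can only produce 9000 distinct values.
$pwd = (string) mt_rand(1000, 9999);

// Store $stored in the database; send $pwd to the user.
$stored = PwdHash($pwd);

echo "stored value:   ", $stored, "\n";
echo "salt prefix:    ", substr($stored, 0, SALT_LENGTH), "\n";
echo "right password: ", var_export(PwdVerify($pwd, $stored), true), "\n";
echo "wrong password: ", var_export(PwdVerify($pwd . 'x', $stored), true), "\n";

// Calling PwdHash() again without a salt picks a new random salt, so the
// result cannot be compared directly with the stored value.
echo "rehash matches: ", var_export(PwdHash($pwd) === $stored, true), "\n";

// For comparison (assumption: PHP 7+): a temporary password from the CSPRNG
// and PHP's built-in salted, deliberately slow hash. password_hash() also
// keeps its salt inside the returned string.
$temp = bin2hex(random_bytes(8));
$modern = password_hash($temp, PASSWORD_DEFAULT);
echo "password_verify: ", var_export(password_verify($temp, $modern), true), "\n";
```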