Hello all

confused

I am generating a temp password with this

$pwd = mt_rand(1000, 9999);

But I want to generate it with this function

how do I assign $pwd to use this function???


// Password and salt generation
function PwdHash($pwd, $salt = null)
{
if ($salt === null) {
$salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
}
else {
$salt = substr($salt, 0, SALT_LENGTH);
}
return $salt . sha1($pwd . $salt);
}




Help welcomed and much appreciated:-)

LT

The biggest issue I see, if you don't know what the salt is (your first if condition), how can you ever compare something to that that generated password?

Also, having the salt OUTSIDE the hash doesn't make much sense... the point of a salt is that it adds a layer of security, so even if someone knew what encryption method you were using and got the values of your passwords, they couldn't decode them accurately. If you put the salt outside the hash and someone grabs your passwords somehow, they'll see the first so many characters are always the same, and be able to decode much more easily.

Thanks Keleth

I assumed that $salt was =(assigned null)

function PwdHash($pwd, $salt = null)

I'm obviously wrong so

I'll take another look

LT

Hi Keleth

Its ok I think I've worked it out

what you said made me realise I didn't have the whole picture

Thanks

LT