14

What is a way in PHP to make a random, variable length salt for use in hashing? Let's say I want to make a 16-character long salt - how would I do it?

T.Rob
  • 31,522
  • 9
  • 59
  • 103
Tony Stark
  • 24,588
  • 41
  • 96
  • 113

4 Answers4

60

edit: the mcrypt extension has been deprecated. For new projects take a look at
random_bytes ( int $length )
and the sodium (as of php 7.2 core-)extension.

If the mcrypt extension is available you could simply use mcrypt_create_iv(size, source) to create a salt.

$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
var_dump($iv);

Since each byte of the "string" can be in the range between 0-255 you need a binary-safe function to save/retrieve it.

VolkerK
  • 95,432
  • 20
  • 163
  • 226
  • 6
    By far the best answer in this thread. A cryptographic PRNG is the way to go. – CodesInChaos Aug 26 '12 at 13:39
  • 2
    This really should be the accepted answer. For the sakes of your own security, do not use XUE Can's suggestion of unique_md5. – Andrew Weir Oct 03 '12 at 11:33
  • perfect for newbie like me, this is easy to understand and much simpler to use, I'm using it on XAMPP as of now. – bonesnatch Feb 04 '14 at 05:48
  • @VolkerK Hi there. `mcrypt_create_iv` seems the way to go, but is no longer supported in PHP 7.1.0. Any alternatives? Thank you – slevin Oct 02 '17 at 13:57
  • This has been deprecated. Now use http://docs.php.net/manual/en/function.random-bytes.php – Rodrigo Dec 27 '17 at 22:12
3

depending on your OS, something like:

$fh=fopen('/dev/urandom','rb');
$salt=fgets($fh,16);
fclose($fh);

Do read up on the behaviour of random and urandom.

While others have correctly pointed out that there some issues with md5 and repeated hashing, for passwords (i.e. relatively short strings) brute force attacks take the same amount of time regardless of how sophisticated the hashing algorithm is.

C.

symcbean
  • 47,736
  • 6
  • 59
  • 94
2

Here is I found a function to generate random string:

/* random string */
function rand_string( $length ) {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";  
    $size = strlen( $chars );
    for( $i = 0; $i < $length; $i++ ) {
        $str .= $chars[ rand( 0, $size - 1 ) ];
    }
    return $str;
}
Raksmey
  • 49
  • 1
0

There are two prerequisites for a good salt: It must be long, and it must be random. There are many ways to accomplish this. You could use a combination of microtime and rand, for example, but you might go to even greater lengths to ensure that your salt is unique.

While the chance of a collision is neglible, keep in mind that hashing your salt with MD5 or other collision-prone algorithms will reduce the chance that your salt is unique for no reason.

EDIT: Substitute rand() for mt_rand(). As Michael noted, it's better than rand.

Johannes Gorset
  • 8,715
  • 4
  • 36
  • 34
  • @FRKT: do i need to put a salt for crypt()? the syntax is crypt(password, salt) where salt is optional but it seems to determine which variant of crypt is used and i don't know how much that affects security. http://php.net/manual/en/function.crypt.php – Tony Stark Feb 10 '10 at 08:59
  • @hatorade: The manual says about the salt parameter: "An optional salt string to base the encryption on. If not provided, one will be randomly generated by PHP each time you call this function." – VolkerK Feb 10 '10 at 09:55
  • Neither `rand` nor `mt_rand()` is a cryptographic PRNG. – CodesInChaos Aug 26 '12 at 13:32