What is the password salt in database and how should I use it with codeigniter?

Asked Jun 12 '14 at 07:24

Active Jun 12 '14 at 07:24

Viewed 534 times

I was working on the new membership project. And when I looking at the database design there is a password_salt field , which is VARCHAR(20). In my previous project I just encrypt the password with md5, it is not secure .

 $save['password'] = md5($this->input->post('password'));

I found some code to generate a salt , it seems to be just generate a random string, but what is the suitable size, is it sufficient to use VARCHAR(20)?

protected function _create_salt()
{
    $this->CI->load->helper('string');
    return sha1(random_string('alnum', 20));
}

Also, It would be highly appreciate if there is code example of

1) using salt to validate
2) using salt to hash the password so that it can save to database

Thanks.

asked Jun 12 '14 at 07:24

user782104

13,233
55
172
312

1

Must Read: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords?rq=1 – Hanky Panky Jun 12 '14 at 07:25
would be nice if there is some codeigniter example – user782104 Jun 12 '14 at 07:31
The framework is irrelevant, there's no CodeIgniter-specific example. – Narf Jun 12 '14 at 08:07
@user782104 would be nice if you would show the CI code where you want to use the salt. – user20232359723568423357842364 Jun 12 '14 at 13:42
sha1 returns 40 characters, if you want to store it, you're probably looking for CHAR(40) instead of VARCHAR(40) since you'll always end-up with the same length. – ahmad Jun 12 '14 at 14:22

What is the password salt in database and how should I use it with codeigniter?

0 Answers0