security

09
Sep
2011
tulvit

MD5 Hashing and Salt

md5 hash can be easily cracked by using Rainbow Tables. So, pure md5 hash must be using only for checking data integrity and not for security purposes.

However, by using "salt" it's become impossible to reverse md5 and get the original data, which means that this method can be used to encipher passwords and other important information.

Salt is just a some random bits, for instance some text or even image.

So, instead of

  1. <?php
  2. $pwd = 'my_pwd';
  3. $hash = md5($pwd);
  4. ?>

we should use something like this

  1. <?php
  2. $salt = 'some text';
  3. $pwd = 'my_pwd';
  4. $hash = md5($pwd . $salt);
  5. ?>

or like this

  1. <?php
  2. $salt = 'some text';
  3. $pwd = 'my_pwd';
  4. $hash = md5(md5($pwd) . $salt);
  5. ?>

or even like this

  1. <?php
  2. $salt = 'some text';
  3. $pwd = 'my_pwd';
  4. $hash = md5(md5($pwd . $salt) . $salt);
  5. ?>
Tags: 
md5
cryptography
security
Category: 
PHP
8