extrovertive Posted August 12, 2006 Share Posted August 12, 2006 I'm using MD5 to hash passwords stored in a database.However, as I insert test entries using the same password, I see the same hash value. That means, if I know my password and if another user has the same hash value in the database, that person has the same database as me. How do I make MD5 hashing value all different even if users enter the same password? How does adding a salt to MD5 in PHP work? Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/ Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 [code]<?php$salt="dsjfwngngiu3w";$pass=$_POST['password'];$hash=md5($salt.$pass);?>[/code]Orio. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73617 Share on other sites More sharing options...
GingerRobot Posted August 12, 2006 Share Posted August 12, 2006 Err, why is ths a problem? If someone has access to your database then you should be worried.Perhaps ive misunderstood. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73618 Share on other sites More sharing options...
Prismatic Posted August 12, 2006 Share Posted August 12, 2006 I honestly dont see the problem. It's entirely possible I have the same password as someone on these very forums, that doesn't instantly give me access to their account, because I dont know who if anyone has the same password as me to begin with. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73621 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 I think what he entered to the table was just md5($salt). that's why everything looks the same. Take a look at my first post. This is the way it should be done.Orio. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73633 Share on other sites More sharing options...
Guest huey4657 Posted August 12, 2006 Share Posted August 12, 2006 Hi,I am very interested in what 'salt' means/does could someone please elaborate, thks. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73636 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 Salt is a string you add to every password (there are alot of methods doing that) before you hash it, so if someone will get the md5 password of someone he will have a harder time cracking it.Orio. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73643 Share on other sites More sharing options...
Guest huey4657 Posted August 12, 2006 Share Posted August 12, 2006 So can this salt string be any characters you wish to put in the string or does there have to be a fixed length or types of characters Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73645 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 Just a random string. In my example salt was:$salt="dsjfwngngiu3w";You can make it even more complex with things like:$salt_a="jgweg";$salt_b="439683nfg";$hash=md5($salt_a.$password.$salt_b);You just have to keep in mind that every time a user log's in you need to add those strings before and after the password inorder it to match the one in the database.Orio. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73647 Share on other sites More sharing options...
Guest huey4657 Posted August 12, 2006 Share Posted August 12, 2006 Cool. I guess you would want to place the salt within an hidden file or that would defeat the object of salt? Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73649 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 Just place it in you script, or in a included file (with a php extension).Orio. Quote Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73651 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.