extrovertive Posted August 12, 2006 Share Posted August 12, 2006 I'm using MD5 to hash passwords stored in a database.However, as I insert test entries using the same password, I see the same hash value. That means, if I know my password and if another user has the same hash value in the database, that person has the same database as me. How do I make MD5 hashing value all different even if users enter the same password? How does adding a salt to MD5 in PHP work? Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/ Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 [code]<?php$salt="dsjfwngngiu3w";$pass=$_POST['password'];$hash=md5($salt.$pass);?>[/code]Orio. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73617 Share on other sites More sharing options...
GingerRobot Posted August 12, 2006 Share Posted August 12, 2006 Err, why is ths a problem? If someone has access to your database then you should be worried.Perhaps ive misunderstood. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73618 Share on other sites More sharing options...
Prismatic Posted August 12, 2006 Share Posted August 12, 2006 I honestly dont see the problem. It's entirely possible I have the same password as someone on these very forums, that doesn't instantly give me access to their account, because I dont know who if anyone has the same password as me to begin with. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73621 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 I think what he entered to the table was just md5($salt). that's why everything looks the same. Take a look at my first post. This is the way it should be done.Orio. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73633 Share on other sites More sharing options...
Guest huey4657 Posted August 12, 2006 Share Posted August 12, 2006 Hi,I am very interested in what 'salt' means/does could someone please elaborate, thks. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73636 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 Salt is a string you add to every password (there are alot of methods doing that) before you hash it, so if someone will get the md5 password of someone he will have a harder time cracking it.Orio. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73643 Share on other sites More sharing options...
Guest huey4657 Posted August 12, 2006 Share Posted August 12, 2006 So can this salt string be any characters you wish to put in the string or does there have to be a fixed length or types of characters Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73645 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 Just a random string. In my example salt was:$salt="dsjfwngngiu3w";You can make it even more complex with things like:$salt_a="jgweg";$salt_b="439683nfg";$hash=md5($salt_a.$password.$salt_b);You just have to keep in mind that every time a user log's in you need to add those strings before and after the password inorder it to match the one in the database.Orio. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73647 Share on other sites More sharing options...
Guest huey4657 Posted August 12, 2006 Share Posted August 12, 2006 Cool. I guess you would want to place the salt within an hidden file or that would defeat the object of salt? Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73649 Share on other sites More sharing options...
Orio Posted August 12, 2006 Share Posted August 12, 2006 Just place it in you script, or in a included file (with a php extension).Orio. Link to comment https://forums.phpfreaks.com/topic/17324-md5-and-different-hash-values/#findComment-73651 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.