encrypt string+salt

[RobertP]

any visible issues ?

private function encrypt($string,$salt){
return utf8_encode(hash('sha256',substr($salt,(int)(floor(strlen($salt)/2))).$string.substr($salt,0,(int)((floor(strlen($salt)/2))*-1))));
}

 

edit: example

 

$string = 'password';
$salt = '12345678';
the script will encrypt the password as $string = '1234password5678';

[requinix]

1. That's hashing, not encryption.

2. Actually it would hash "1234password1234". Remove the ",0" in the second call to substr() to fix that.

[scootstah]

Why make the salt only numbers? It would be more secure with 0-9a-zA-Z.

 

hash_hmac() is better too.

[RobertP]

that is just an example

[scootstah]

Right, my bad.

 

By the way, splitting the salt like that really doesn't accomplish anything. It is no more secure than standard salting. Security through obscurity isn't security.

[PFMaBiSmAd]

utf8_encode is not needed because all the characters are plain ASCII characters - the characters 0-9a-f.