0

I need to generate a salt (to pass to crypt) but the server doesn't have mcrypt (and I do not have the ability to put it there). Is there a way I can do it with openssl_random_pseudo_bytes or another built-in PHP function?

It is important that it has safe-randomness.

My mcrypt was:

$salt = "$" . $algorithm . "$" . $length . "$";
$salt .= substr( str_replace( "+", ".", base64_encode( mcrypt_create_iv( 128, MCRYPT_DEV_URANDOM ) ) ), 0, 22 );
return $salt;

How would I do this without mcrypt?

Don Rhummy
  • 24,730
  • 42
  • 175
  • 330
  • How would I use the option suggested there with `crypt`? I can't get it to work. – Don Rhummy Apr 29 '14 at 03:27
  • If you look at the top rated answer in that situation and you are not using this for commercial use, then you can generate a random value using `mt_rand()` and then running `uniqid()` on the previous value. – Brandon White Apr 29 '14 at 03:34
  • @BrandonWhite I ended up with a much more secure option: `$salt = "$2a$12$" . bin2hex( openssl_random_pseudo_bytes( 22, $strongCheck ) );` – Don Rhummy Apr 29 '14 at 15:16

0 Answers0