1

I want to use a blowfish crypt() in PHP, but I am scared that I will use a wrong salt. Is there such a thing as a wrong salt? And is a salt that is, for instance, 2020352352 worse than a salt that is lkfjaslj5l3k? I know you should put something random in it, and I am planning on doing that.

Sachin Mokashi
Ian.V

1 Answer

3

Why reinvent the wheel?

password_hash() uses a strong hash, generates a strong salt, and applies proper rounds automatically. password_hash() is a simple crypt() wrapper and compatible with existing password hashes. Use of password_hash() is encouraged. Source: Crypt - PHP Manual

If you want to use blowfish:

PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash.

The salt that you can pass through the (array) $options argument is optional; if omitted, password_hash() will automatically create a salt. You can count on password_hash() coming up with a good enough salt, i.e. secure.

Niellles
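An added example (not part of the answer above) of the approach it recommends: hashing with PASSWORD_BCRYPT without passing a salt, then showing where the generated salt ends up inside the stored hash. The sample password, the cost of 12 and the helper names describeBcryptHash() and verifyAndUpgrade() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input for this example.
$password = 'correct horse battery staple';
$options  = ['cost' => 12]; // assumed work factor; no 'salt' key is passed

// password_hash() generates a fresh random salt on every call,
// so hashing the same password twice yields two different strings.
$hashA = password_hash($password, PASSWORD_BCRYPT, $options);
$hashB = password_hash($password, PASSWORD_BCRYPT, $options);
var_dump($hashA === $hashB);

// A bcrypt hash is 60 characters: "$2y$", a two-digit cost, "$",
// a 22-character salt and a 31-character digest. The salt is stored
// in the hash itself, so it needs no separate column or handling.
function describeBcryptHash(string $hash): array
{
    $pattern = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('Not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

print_r(describeBcryptHash($hashA));
print_r(describeBcryptHash($hashB)); // same variant and cost, different salt

// Verify a login attempt. Returns null on a wrong password, otherwise the
// hash to keep in storage (re-hashed if the stored parameters are outdated).
function verifyAndUpgrade(string $password, string $storedHash, array $options): ?string
{
    // password_verify() reads the variant, cost and salt from $storedHash.
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        return password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return $storedHash;
}

var_dump(verifyAndUpgrade($password, $hashA, $options) === $hashA);
var_dump(verifyAndUpgrade('wrong guess', $hashA, $options));
var_dump(verifyAndUpgrade($password, $hashA, ['cost' => 13]) !== $hashA);
```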