If the password is hashed directly, the hacker can obtain the password of a user by querying the hash dictionary (for example, MD5 password cracking website. After adding the salt, it will be much more difficult. even if you have obtained the salt and the final ciphertext, cracking is quite troublesome. If you add some salt (salt)
If the password is hashed directly, the hacker can obtain the password of a user by querying the hash dictionary (for example, MD5 password cracking website. After adding the salt, it will be much more difficult. even if you have obtained the salt and the final ciphertext, cracking is quite troublesome.
If you add some salt (salt )?
To enhance the MD5 security, a new algorithm is added, that is, the salt value. The salt value is a randomly generated string that can contain random uppercase/lowercase letters, numbers, and characters, the number of digits may vary according to requirements. The final ciphertext generated by using different salt values is different:
1) first, we get the hash value of plaintext.
2). calculate and obtain the MD5 plaintext hash value.
3) randomly generate and insert the salt adding value
4). MD5 inserts the hash value worth adding salt.
5). obtain the final ciphertext
Let's look at a simple add salt function:
/*** MD5 plus SALT function * by http://www.phpddt.com */function do_hash ($ psw) {$ salt = 'fdsafagfdgv43532ju76jm '; // define a salt value, preferably long enough, or return md5 randomly ($ psw. $ salt); // returns the hash after adding salt}
Note:
If you generate a random salt value, you have to put it into the database. do not use the time () timestamp, so that others can not enumerate it. if you are too troublesome, you can configure a complex salt value. the preceding two methods have their own advantages.