PHP: Random Salt String Generator

As I develop new CakePHP projects, I like to spin the wheel with generating a “secure” salt string to be used in core.php. Instead of just bashing my head against the keyboard hoping for some random, usable, 40-character-long string, I decided to let PHP do it for me, run from the console!

Posted by voidet

Categorised under CakePHP

9 Comments

  1. An alternative is to use “cake bake project” to bake your project, as it will automatically generate a random salt value.

    September 14, 2009 @ 12:08 am
  2. You could get the same effect writing less code and using less memory (you're doing 2 randoms per loop).

    function generate($length = 10) {
    	// alphabet the salt characters are drawn from
    	$characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
    	$return 	= '';
    	
    	if ($length > 0) {
    		// highest valid index into $characters
    		$totalChars = strlen($characters) - 1;
    		// note: '<=' runs $length + 1 times (see the off-by-one remark in the next comment)
    		for ($i = 0; $i <= $length; ++$i) {
    			$return .= $characters[rand(0, $totalChars)];
    		}
    	}
    	
    	return $return;
    }
    September 14, 2009 @ 10:58 am
  3. fozzy

    @Miles Johnson’s code

    The code has an off by one bug. A length 10 code will return 11. The for loop should be:

    "for ($i = 0; $i < $length; ++$i) {" // change <= to simply <

    October 1, 2009 @ 6:15 am
  4. VoiDeT

    @Miles hey thanks a lot. I might post up your code as a replacement. I did the rand simply because I was too lazy to write the upper cased letters. :D

    October 1, 2009 @ 11:41 am
  5. VoiDeT

    Updated the post with a merge of @Miles’s code and a rethink on my part.
    Also, if anyone knows a good WordPress code formatting plugin please let me know! I am really hating my one at the moment!

    October 1, 2009 @ 11:52 am
  6. ricbax

    Re: A WordPress code formatting plugin

    WP-Syntax
    Google Syntax Highlighter

    Both are good.

    Google Syntax Highlighter has more functionality.

    October 20, 2009 @ 6:37 am
  7. There is a tool for Linux called pwgen. Just run pwgen -c -n -s 128 from your console and you’ll get some 128-character-long secure strings.

    March 2, 2010 @ 12:14 pm
  8. Goran

    Very nice code buddy. Thanks for it. I have just one short question. How long can the SALT value be? Is there any min/max length? This "$length = 10" will generate a 10-character-long SALT value, right?
    Thanks in advance.

    April 21, 2010 @ 10:48 am
    • VoiDeT

      A salt string is simply a string of characters that is used to distort a hash or other type of encryption. For example, a 32-character salt would result in:

      Assume a user’s (encrypted) secret key is stolen and he is known to use one of 200,000 English words as his password. The system uses a 32-bit salt. The salted key is now the original password appended to this random 32-bit salt. Because of this salt, the attacker’s pre-calculated hashes are of no value. He must calculate the hash of each word with each of 2^32 (4,294,967,296) possible salts appended until a match is found. The total number of possible inputs can be obtained by multiplying the number of words in the dictionary with the number of possible salts:

      To complete a brute-force attack, the attacker must now compute about 800 trillion hashes, instead of only 200,000. Even though the password itself is known to be simple, the secret salt makes breaking the password increasingly difficult.

      // Wikipedia

      Generally I use 40 chars for my salt.

      April 21, 2010 @ 11:00 am
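Pulling the thread together (the post's goal of a 40-character salt for core.php, Miles's single-rand loop, fozzy's `<` fix, and the length question in the last comment), here is an added example that is not the post's or any commenter's code. It replaces `rand()`, which is not a cryptographically secure generator, with PHP 7's `random_int()`, uses the corrected loop bound so a request for N characters returns exactly N, defaults to 40 characters, and checks its own output. The file name `gen_salt.php` and the `isValidSalt()` helper are assumptions for this example.

```php
<?php
// Added example (not the post's or commenters' code): a console salt generator
// for CakePHP's core.php. Assumes PHP 7+ for random_int().
declare(strict_types=1);

// Same alphabet as Miles's snippet: letters and digits only, so the result
// pastes safely into a single-quoted PHP string.
const SALT_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

/**
 * Return a salt of exactly $length characters drawn uniformly from $alphabet.
 * random_int() reads from the OS CSPRNG and throws if none is available,
 * instead of silently falling back to a predictable generator like rand().
 */
function generateSalt(int $length = 40, string $alphabet = SALT_ALPHABET): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('Salt length must be at least 1');
    }
    $max  = strlen($alphabet) - 1;      // highest valid index, inclusive
    $salt = '';
    for ($i = 0; $i < $length; ++$i) {  // '<', not '<=': exactly $length chars
        $salt .= $alphabet[random_int(0, $max)];
    }
    return $salt;
}

/** Sanity check: correct length and every character from the alphabet. */
function isValidSalt(string $salt, int $length, string $alphabet = SALT_ALPHABET): bool
{
    return strlen($salt) === $length
        && strspn($salt, $alphabet) === strlen($salt);
}

// Console usage: `php gen_salt.php` or `php gen_salt.php 64`.
$length = isset($argv[1]) ? (int) $argv[1] : 40;
$salt   = generateSalt($length);

if (!isValidSalt($salt, $length)) {
    fwrite(STDERR, "generated salt failed its own check\n");
    exit(1);
}

// Print the line ready to paste into core.php (CakePHP 1.x style).
echo "Configure::write('Security.salt', '", $salt, "');", PHP_EOL;
```

On the length question: for a per-application value like CakePHP's `Security.salt` there is no fixed maximum; 40 characters from this 62-symbol alphabet is roughly 238 bits of entropy, far beyond what brute force can cover, so the default here matches the "40 chars" the author uses. If a hex string is acceptable instead of mixed letters and digits, `bin2hex(random_bytes(20))` gives the same 40-character length in one call.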
