Generating salts is useful, when performing some kind of hashing on critical data such as user passwords, as it makes the hash decoding much more complicated. So, even if someone gets into the system and steals the essential data, it is almost impossible for him to obtain the original data because hash decoding requires a large amount of computer resources, time and some serious brutal attacks.
You can copy the following PHP script to generate salts with your own function which means you can control the salt generation, The comments are just for documentation purpose, so, you can remove the comments for development purposes.
/**
* This function generates random string containing the specified characters and length
* @param string $charset The characters to be used for generating the string
* @param boolean $randomLength TRUE for using random length between <strong>$min</strong> & <strong>$max</strong>
* @param int $min The minimum length to be used when generating the string of random length
* @param int $max The maximum length to be used when generating the string of random length
* @param int $len The length of the string to be generated when no random length is required
* @param int $shuffle The number of times the characters are to be shuffled. More shuffling means more uniqueness
* @return string The generated string
*/
public function generate_salt($charset = "abcdefghijklmnopqrstuvwxyz0123456789", $randomLength = TRUE, $min = 5, $max = 15, $len = 8, $shuffle = 6) {
$charset = str_split(str_shuffle($charset));
$salt = "";
$len = $randomLength == TRUE ? rand($min, $max) : $len;
for (; $shuffle > 0; $shuffle--) {
shuffle($charset);
}
for ($i = 0; $i < $len; $i++) {
$salt.=$charset[$i];
}
return $salt;
}
You can copy the following PHP script to generate salts with your own function which means you can control the salt generation, The comments are just for documentation purpose, so, you can remove the comments for development purposes.
/**
* This function generates random string containing the specified characters and length
* @param string $charset The characters to be used for generating the string
* @param boolean $randomLength TRUE for using random length between <strong>$min</strong> & <strong>$max</strong>
* @param int $min The minimum length to be used when generating the string of random length
* @param int $max The maximum length to be used when generating the string of random length
* @param int $len The length of the string to be generated when no random length is required
* @param int $shuffle The number of times the characters are to be shuffled. More shuffling means more uniqueness
* @return string The generated string
*/
public function generate_salt($charset = "abcdefghijklmnopqrstuvwxyz0123456789", $randomLength = TRUE, $min = 5, $max = 15, $len = 8, $shuffle = 6) {
$charset = str_split(str_shuffle($charset));
$salt = "";
$len = $randomLength == TRUE ? rand($min, $max) : $len;
for (; $shuffle > 0; $shuffle--) {
shuffle($charset);
}
for ($i = 0; $i < $len; $i++) {
$salt.=$charset[$i];
}
return $salt;
}
Comments