Welcome to Bucaro TecHelp!


What is a Password Hash and Salt?

If you have a web application that requires user accounts, never store a user's password as plain text. When a user creates a password, a hashing algorithm is applied to the password before it is stored in a database. When the user attempts to log in, the password that they enter is hashed and compared to the hashed value stored for that particular user name.

A hashing algorithm is similar to encryption in that a secret key is used with a mathematical algorithm to create a hash, except that hashing always produces a fixed-length result, regardless of the length of the password being hashed. In addition, a hashing algorithm is a one-way operation: even if you know the key, you cannot use it to reverse the hash.

To increase the security of a hashed password, a random value called a salt is added to the hash value. The salt value is generated one time, when the user creates their password, and it is stored along with the user's hashed password. Adding a random salt value to a user's hashed password ensures that two users with the same password have different salted hashes.

It would NOT be a good idea to inform a prospective user (possible hacker) that a particular password is already in use.

If you don't want to create your own hashing function, you can use an existing standard hashing function.

Algorithm   Hash Length (bits)
MD5         128
AES         256
SHA-1       160
SHA-256     256

SHA stands for Secure Hashing Algorithm; AES stands for Advanced Encryption Standard. There are many more standard hashing algorithms.

You could design your own hashing algorithm, or use the code available on the Internet for one of the standard algorithms. Programming languages include hashing functions, for example PHP's hash() function. An example of using PHP's hash() function is shown below.

$password = hash("sha256", $password);

Note the first parameter to the hash function is the name of the hash algorithm to use. The second parameter is the password string to be hashed. The function returns the hashed string.
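
The create-and-log-in flow described above, with the per-user salt made explicit, as an added example that is not part of the original article. It swaps the single SHA-256 call for the slower PBKDF2-HMAC-SHA256 (PHP's hash_pbkdf2()) and mixes the salt with the password before hashing; the in-memory $users array, the function names and the iteration count are assumptions.

```php
<?php
// Added example, not code from the original article. An in-memory array
// stands in for the users table; all names and the work factor are assumed.
declare(strict_types=1);

const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware

/** Build the record stored for a new user: a random salt plus the salted hash. */
function create_password_record(string $password): array
{
    $salt = random_bytes(16); // generated once, when the password is created
    $hash = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 32, true);
    // The salt is not secret; it is stored next to the hash for later logins.
    return ['salt' => bin2hex($salt), 'hash' => bin2hex($hash)];
}

/** Re-hash the login attempt with the user's stored salt and compare. */
function verify_password(string $attempt, array $record): bool
{
    $salt = hex2bin($record['salt']);
    $hash = hash_pbkdf2('sha256', $attempt, $salt, PBKDF2_ITERATIONS, 32, true);
    // hash_equals() compares in constant time, so response timing
    // does not reveal how many leading bytes matched.
    return hash_equals(hex2bin($record['hash']), $hash);
}

// Constructed sample data: two users who happen to choose the same password.
$users = [
    'alice' => create_password_record('correct horse battery'),
    'bob'   => create_password_record('correct horse battery'),
];

// Same password, different salts: compare the two stored hashes.
var_dump($users['alice']['hash'] === $users['bob']['hash']);

// Login attempts against alice's record: the right password, then a wrong one.
var_dump(verify_password('correct horse battery', $users['alice']));
var_dump(verify_password('wrong guess', $users['alice']));
```

PHP's built-in password_hash() and password_verify() perform the salt generation, slow hashing and comparison shown here in one call each, and store the salt inside the returned string.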


Follow Stephen Bucaro Follow @Stephen Bucaro


Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268