RANGER - 4 months ago
PHP Question

Salting a password with a "joined" datetime

I've seen this information in other articles but most were salting with a known value (like a username). Is salting a password with the joined datetime (or an MD5 of the joined datetime) a secure way of further securing credentials if the joined data is not exposed anywhere in the site?

Thanks in advance!

Answer

Salt with a truly random salt instead. Guessing a date-based salt seems a little too easy, especially if someone is aware of how long the person has been a member of the site.

You could do something like:

$salt = substr(sha1(uniqid(mt_rand(), true)), 0, 16);
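An added example, not part of the original answer: it compares the number of possible "joined"-datetime salts with a salt drawn from the OS CSPRNG, and hashes a password with PHP's built-in password_hash(), which generates and stores a random salt itself. The function names, the sample password and the 2015-2024 membership window are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Count the distinct salts possible when the salt is the account's "joined"
// datetime at one-second resolution inside a known membership window.
function joinedSaltCandidates(string $earliest, string $latest): int
{
    $utc  = new DateTimeZone('UTC');
    $from = new DateTimeImmutable($earliest, $utc);
    $to   = new DateTimeImmutable($latest, $utc);
    return $to->getTimestamp() - $from->getTimestamp() + 1;
}

// Hash a new password. password_hash() draws a fresh random salt from the
// OS CSPRNG and embeds it, with the algorithm and cost, in the result.
function hashNewPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login attempt; the salt is read back from the stored hash.
function checkPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// If another scheme needs an explicit salt, take it from the CSPRNG
// rather than from mt_rand(), uniqid() or any account attribute.
function randomSalt(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// Constructed sample values (assumptions, not taken from the page).
$candidates = joinedSaltCandidates('2015-01-01 00:00:00', '2024-12-31 23:59:59');
printf("joined-datetime salt: %d candidates (about %.1f bits)\n",
    $candidates, log($candidates, 2));
printf("random_bytes(16) salt: 128 bits, e.g. %s\n", randomSalt());

$password = 'correct horse battery staple';
$first    = hashNewPassword($password);
$second   = hashNewPassword($password);

// Two hashes of the same password differ because each gets its own salt.
printf("hashes differ: %s\n", var_export($first !== $second, true));
printf("correct password verifies: %s\n", var_export(checkPassword($password, $first), true));
printf("wrong password verifies: %s\n", var_export(checkPassword('wrong guess', $first), true));
```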