RANGER RANGER - 1 year ago 65
PHP Question

Salting a password with a "joined" datetime

I've seen this information in other articles but most were salting with a known value (like a username). Is salting a password with the

datetime (or an MD5 of the
datetime) a secure way of further securing credentials if the
data is not exposed anywhere in the site?

Thanks in advance!

Answer Source

Salt with a truly random salt instead. Guessing a date based salt seems a little too easy, especially if someone is aware how long the person has been a member of the site.

You could do something like:

$salt = substr(sha1(uniqid(mt_rand(), true)), 0, 16);
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download