
View Full Version : MD5 and Salt


JayJay
05-19-2005, 01:27 PM
Is there any way to change the current salt to something different? And if so, how would I go about doing this?

Would I need to change the following in functions_user.php:

// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
    $salt = '';
    for ($i = 0; $i < $length; $i++)
    {
        $salt .= chr(rand(32, 126));
    }
    return $salt;
}

Marco van Herwaarden
05-19-2005, 01:43 PM
The salt is randomly generated for each user and stored in the user table. Why would you want to change that?

Zero Tolerance
05-19-2005, 01:58 PM
Well, if you wanted you could change it, if you wanted to change the length, change:
$length = 3 to your number, like: $length = 5.

If you wanted to change the characters contained within the salt, then change this line:
$salt .= chr(rand(32, 126));

I don't really recommend changing anything though, I see no reason as to why it would need to be changed.

- Zero Tolerance

Colin F
05-19-2005, 02:17 PM
I'm not sure if your users wouldn't have to reset their password if you change the salt though...

Zachery
05-19-2005, 02:31 PM
I'm not sure if your users wouldn't have to reset their password if you change the salt though...
Should be fine, salt is only generated on register or password change, it shouldn't matter in the long run..

Colin F
05-19-2005, 03:21 PM
Should be fine, salt is only generated on register or password change, it shouldn't matter in the long run..
Sure, but isn't the encrypted password in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.

Zero Tolerance
05-19-2005, 09:57 PM
Sure, but isn't the encrypted password in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Yeah, changing the user's salt would mess things up; however, changing that (the above code) would only affect new registered users.

- Zero Tolerance
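
The point made in the replies above (the salt is stored per user, so changing the generator only affects new accounts, while overwriting an existing user's salt breaks the match), as an added PHP example that is not part of the thread and is not vBulletin's code. The names make_salt, hash_password and verify_password, the sample rows, and the formula md5(md5(password) . salt) are assumptions; the thread only says the stored password is md5'd with salt.

```php
<?php
// Added illustration, not vBulletin's code. The hash formula below is an assumption.

// Same printable character range as the thread's fetch_user_salt(), any length.
function make_salt(int $length = 3): string
{
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= chr(random_int(32, 126));
    }
    return $salt;
}

// Assumed scheme: the stored value depends on both the password and the salt.
function hash_password(string $password, string $salt): string
{
    return md5(md5($password) . $salt);
}

// Verification always uses the salt stored in that user's own row.
function verify_password(array $row, string $password): bool
{
    return hash_equals($row['password'], hash_password($password, $row['salt']));
}

// Constructed rows standing in for the user table.
$salt = make_salt(3);
$old  = ['salt' => $salt, 'password' => hash_password('hunter2', $salt)];

// 1. Generator changed to 5 chars: only rows created afterwards get the new length.
$salt = make_salt(5);
$new  = ['salt' => $salt, 'password' => hash_password('s3cret', $salt)];
var_dump(verify_password($old, 'hunter2')); // existing row, 3-char salt
var_dump(verify_password($new, 's3cret'));  // new row, 5-char salt

// 2. Overwriting an existing row's salt without rehashing breaks the match.
$tampered = $old;
$tampered['salt'] = make_salt(3) . 'x'; // 4 chars, so it cannot equal the old salt
var_dump(verify_password($tampered, 'hunter2'));

// 3. A salt can only be replaced together with the hash, when the password is known.
$salt = make_salt(5);
$old  = ['salt' => $salt, 'password' => hash_password('hunter2', $salt)];
var_dump(verify_password($old, 'hunter2'));
```

Cases 1 and 3 verify and case 2 does not, because the stored hash was computed with the salt that was in the row at the time.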

Zachery
05-19-2005, 10:04 PM
Sure, but isn't the encrypted password in the database md5'd with salt?

If so, and you change the salt of a user, it wouldn't be able to match up the passwords, I'd think.
Like ZT said.

AN-net
05-19-2005, 10:47 PM
So every time a password is reset or changed the salt is changed?

Zachery
05-19-2005, 10:50 PM
So every time a password is reset or changed the salt is changed?
Hmm, not sure actually. Take a look at the function; I think it only counts for new salts.

Paul M
05-20-2005, 12:41 AM
So every time a password is reset or changed the salt is changed?
Nope - it's created when you register, and that's it.

AN-net
05-20-2005, 02:05 AM
k, kool;)