Search results for: "salt"

What are the best practices for generating and using a salt string in bcrypt for password hashing in PHP?

When using bcrypt for password hashing in PHP, it is important to generate a unique salt string for each password hash to increase security. One commo...

How should the salt be formatted and what alphabet should it be in when using the "crypt" function in PHP?

When using the "crypt" function in PHP, the salt should be formatted with a specific prefix indicating the algorithm to use (e.g., "$2a$" for bcrypt)...

How does using a system-wide salt (or "pepper") affect the security of password hashing in PHP?

Using a system-wide salt (or "pepper") in addition to user-specific salts can greatly enhance the security of password hashing in PHP. By adding a sec...

What are the potential security risks of incorporating a "variable" position for the salt within the password in a PHP login script?

By incorporating a "variable" position for the salt within the password in a PHP login script, the potential security risks include making the salt pr...

What are the potential pitfalls of using mcrypt_create_iv() to generate a salt value for passwords in PHP?

Using mcrypt_create_iv() to generate a salt value for passwords in PHP is not recommended as the mcrypt extension has been deprecated in PHP 7.1 and r...