SlideShare ist ein Scribd-Unternehmen logo

Securing Login Credentials - SALT Tutorial

Als PPTX, PDF herunterladen
ProdigyView
ProdigyView

Learn how to create secure logins by properly hashing passwords and using SALT.

Technologie
1 von 12
Creating A Secure Login www.prodigyview.com
Storing A User’s Password Standard issue for having access to a site is a user’s password with an association to a username or email address. BAD PRACTICE !!!! www.prodigyview.com
Storing Passwords in Plain Text On the previous slide, the password was in plain text. THIS IS VERY BAD PRACTICE! 1. If the database is hacked/stolen, users account will be at risk. 2. The user’s information could be at risk from members of the internal organization
MD5 Hashing One answer to solving the problem is MD5 hashing. Before the password is actually inserted in the database, hash it with md5.
Problem with MD5 Hash MD5 hashing is great, except for one small problem. There is a dictionary list of md5 hashes. Just Google the hashed code and see for yourself. www.prodigyview.com
Dictionary List and Attacks A dictionary list is a library of hashed values and their corresponding unhashed strings. In other words, it’s a way of decoding md5 hashed passwords. A dictionary list can be built using other hashing algorithms such as sha1(). How do we get around this? www.prodigyview.com
SALT! Salt is adding a string of text as part of the encryption process. This can prevent basic dictionary list from being formed.
Google the SALTed Hash A Google search for the salted hash will give these results. This is what we want. www.prodigyview.com
A Small Problem with SALT We are about to make things a little more complex. SALT is great because is HARD to make a dictionary list but NOT IMPOSSIBLE. The way around this problem to find some way making a unique SALT for each user. Our next slide is one of many ways of making a unique SALT for extra security. www.prodigyview.com
Use Two IDs A user login’s with their email and password. For our salt to work, lets add in a third login field. Make each user have their own unique pin number that is required to login. The pin number will be the SALT.
PHP Crypt PHP has a function design for securing a user’s password. It will use standard Unix DES algorithm but can be configured to use others. The function also supports SALT. http://php.net/manual/en/function.crypt.php
More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials www.prodigyview.com

Empfohlen

Data validation in web applications
Data validation in web applicationsData validation in web applications
Data validation in web applicationssrkirkland
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Installing Plug-ins
Installing Plug-insInstalling Plug-ins
Installing Plug-insProdigyView
 
Building An Application
Building An ApplicationBuilding An Application
Building An ApplicationProdigyView
 
Installing Applications
Installing ApplicationsInstalling Applications
Installing ApplicationsProdigyView
 
Video Content Management
Video Content ManagementVideo Content Management
Video Content ManagementProdigyView
 
Audio Content Management
Audio Content ManagementAudio Content Management
Audio Content ManagementProdigyView
 
File Content Management
File Content ManagementFile Content Management
File Content ManagementProdigyView
 

Empfohlen

Data validation in web applications
Data validation in web applicationsData validation in web applications
Data validation in web applicationssrkirkland
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Installing Plug-ins
Installing Plug-insInstalling Plug-ins
Installing Plug-insProdigyView
 
Building An Application
Building An ApplicationBuilding An Application
Building An ApplicationProdigyView
 
Installing Applications
Installing ApplicationsInstalling Applications
Installing ApplicationsProdigyView
 
Video Content Management
Video Content ManagementVideo Content Management
Video Content ManagementProdigyView
 
Audio Content Management
Audio Content ManagementAudio Content Management
Audio Content ManagementProdigyView
 
File Content Management
File Content ManagementFile Content Management
File Content ManagementProdigyView
 
Email Configuration
Email ConfigurationEmail Configuration
Email ConfigurationProdigyView
 
HTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialHTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialProdigyView
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms TutorialProdigyView
 
Html Tags Tutorial
Html Tags TutorialHtml Tags Tutorial
Html Tags TutorialProdigyView
 
Video Conversion PHP
Video Conversion PHPVideo Conversion PHP
Video Conversion PHPProdigyView
 
Sending Email Basics PHP
Sending Email Basics PHPSending Email Basics PHP
Sending Email Basics PHPProdigyView
 
Tools ProdigyView
Tools ProdigyViewTools ProdigyView
Tools ProdigyViewProdigyView
 
Custom Validation PHP
Custom Validation PHPCustom Validation PHP
Custom Validation PHPProdigyView
 
Basic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPBasic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPProdigyView
 
Understanding Web Cache
Understanding Web CacheUnderstanding Web Cache
Understanding Web CacheProdigyView
 
Javascript And CSS Libraries
Javascript And CSS LibrariesJavascript And CSS Libraries
Javascript And CSS LibrariesProdigyView
 
PHP Libraries
PHP LibrariesPHP Libraries
PHP LibrariesProdigyView
 
SQL Prepared Statements Tutorial
SQL Prepared Statements TutorialSQL Prepared Statements Tutorial
SQL Prepared Statements TutorialProdigyView
 
Database Basics
Database BasicsDatabase Basics
Database BasicsProdigyView
 
Implementing the Adapter Design Pattern
Implementing the Adapter Design PatternImplementing the Adapter Design Pattern
Implementing the Adapter Design PatternProdigyView
 
Intercepting Filters Design Pattern
Intercepting Filters Design PatternIntercepting Filters Design Pattern
Intercepting Filters Design PatternProdigyView
 
Creating Dynamic Objects PHP
Creating Dynamic Objects PHPCreating Dynamic Objects PHP
Creating Dynamic Objects PHPProdigyView
 
PV Standard Search Query
PV Standard Search QueryPV Standard Search Query
PV Standard Search QueryProdigyView
 
Prodigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyView
 
Learning PHP Basics Part 2
Learning PHP Basics Part 2Learning PHP Basics Part 2
Learning PHP Basics Part 2ProdigyView
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Weitere ähnliche Inhalte

Mehr von ProdigyView

Email Configuration
Email ConfigurationEmail Configuration
Email ConfigurationProdigyView
 
HTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialHTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialProdigyView
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms TutorialProdigyView
 
Html Tags Tutorial
Html Tags TutorialHtml Tags Tutorial
Html Tags TutorialProdigyView
 
Video Conversion PHP
Video Conversion PHPVideo Conversion PHP
Video Conversion PHPProdigyView
 
Sending Email Basics PHP
Sending Email Basics PHPSending Email Basics PHP
Sending Email Basics PHPProdigyView
 
Tools ProdigyView
Tools ProdigyViewTools ProdigyView
Tools ProdigyViewProdigyView
 
Custom Validation PHP
Custom Validation PHPCustom Validation PHP
Custom Validation PHPProdigyView
 
Basic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPBasic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPProdigyView
 
Understanding Web Cache
Understanding Web CacheUnderstanding Web Cache
Understanding Web CacheProdigyView
 
Javascript And CSS Libraries
Javascript And CSS LibrariesJavascript And CSS Libraries
Javascript And CSS LibrariesProdigyView
 
SQL Prepared Statements Tutorial
SQL Prepared Statements TutorialSQL Prepared Statements Tutorial
SQL Prepared Statements TutorialProdigyView
 
Implementing the Adapter Design Pattern
Implementing the Adapter Design PatternImplementing the Adapter Design Pattern
Implementing the Adapter Design PatternProdigyView
 
Intercepting Filters Design Pattern
Intercepting Filters Design PatternIntercepting Filters Design Pattern
Intercepting Filters Design PatternProdigyView
 
Creating Dynamic Objects PHP
Creating Dynamic Objects PHPCreating Dynamic Objects PHP
Creating Dynamic Objects PHPProdigyView
 
PV Standard Search Query
PV Standard Search QueryPV Standard Search Query
PV Standard Search QueryProdigyView
 
Prodigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyView
 
Learning PHP Basics Part 2
Learning PHP Basics Part 2Learning PHP Basics Part 2
Learning PHP Basics Part 2ProdigyView
 

Mehr von ProdigyView (20)

Email Configuration
Email ConfigurationEmail Configuration
Email Configuration
 
HTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialHTML5 Tags and Elements Tutorial
HTML5 Tags and Elements Tutorial
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms Tutorial
 
Html Tags Tutorial
Html Tags TutorialHtml Tags Tutorial
Html Tags Tutorial
 
Video Conversion PHP
Video Conversion PHPVideo Conversion PHP
Video Conversion PHP
 
Sending Email Basics PHP
Sending Email Basics PHPSending Email Basics PHP
Sending Email Basics PHP
 
Tools ProdigyView
Tools ProdigyViewTools ProdigyView
Tools ProdigyView
 
Custom Validation PHP
Custom Validation PHPCustom Validation PHP
Custom Validation PHP
 
Basic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPBasic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHP
 
Understanding Web Cache
Understanding Web CacheUnderstanding Web Cache
Understanding Web Cache
 
Javascript And CSS Libraries
Javascript And CSS LibrariesJavascript And CSS Libraries
Javascript And CSS Libraries
 
PHP Libraries
PHP LibrariesPHP Libraries
PHP Libraries
 
SQL Prepared Statements Tutorial
SQL Prepared Statements TutorialSQL Prepared Statements Tutorial
SQL Prepared Statements Tutorial
 
Database Basics
Database BasicsDatabase Basics
Database Basics
 
Implementing the Adapter Design Pattern
Implementing the Adapter Design PatternImplementing the Adapter Design Pattern
Implementing the Adapter Design Pattern
 
Intercepting Filters Design Pattern
Intercepting Filters Design PatternIntercepting Filters Design Pattern
Intercepting Filters Design Pattern
 
Creating Dynamic Objects PHP
Creating Dynamic Objects PHPCreating Dynamic Objects PHP
Creating Dynamic Objects PHP
 
PV Standard Search Query
PV Standard Search QueryPV Standard Search Query
PV Standard Search Query
 
Prodigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyview XML COnfiguration File
Prodigyview XML COnfiguration File
 
Learning PHP Basics Part 2
Learning PHP Basics Part 2Learning PHP Basics Part 2
Learning PHP Basics Part 2
 

Kürzlich hochgeladen

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Securing Login Credentials - SALT Tutorial

  • 1. Creating A Secure Login www.prodigyview.com
  • 2. Storing A User’s Password Standard issue for having access to a site is a user’s password with an association to a username or email address. BAD PRACTICE !!!! www.prodigyview.com
  • 3. Storing Passwords in Plain Text On the previous slide, the password was in plain text. THIS IS VERY BAD PRACTICE! 1. If the database is hacked/stolen, users account will be at risk. 2. The user’s information could be at risk from members of the internal organization
  • 4. MD5 Hashing One answer to solving the problem is MD5 hashing. Before the password is actually inserted in the database, hash it with md5.
  • 5. Problem with MD5 Hash MD5 hashing is great, except for one small problem. There is a dictionary list of md5 hashes. Just Google the hashed code and see for yourself. www.prodigyview.com
  • 6. Dictionary List and Attacks A dictionary list is a library of hashed values and their corresponding unhashed strings. In other words, it’s a way of decoding md5 hashed passwords. A dictionary list can be built using other hashing algorithms such as sha1(). How do we get around this? www.prodigyview.com
  • 7. SALT! Salt is adding a string of text as part of the encryption process. This can prevent basic dictionary list from being formed.
  • 8. Google the SALTed Hash A Google search for the salted hash will give these results. This is what we want. www.prodigyview.com
  • 9. A Small Problem with SALT We are about to make things a little more complex. SALT is great because is HARD to make a dictionary list but NOT IMPOSSIBLE. The way around this problem to find some way making a unique SALT for each user. Our next slide is one of many ways of making a unique SALT for extra security. www.prodigyview.com
  • 10. Use Two IDs A user login’s with their email and password. For our salt to work, lets add in a third login field. Make each user have their own unique pin number that is required to login. The pin number will be the SALT.
  • 11. PHP Crypt PHP has a function design for securing a user’s password. It will use standard Unix DES algorithm but can be configured to use others. The function also supports SALT. http://php.net/manual/en/function.crypt.php
  • 12. More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials www.prodigyview.com