[nycphp-talk] security, sessions, and encryption
Aaron Fischer
agfische at email.smith.edu
Tue Mar 16 11:47:35 EST 2004
Hehe, tho' it is getting to be time for lunch I'm not referring to the
condiment.
From php.net, in reference to crypt:
string crypt ( string str [, string salt])
http://us3.php.net/manual/en/function.crypt.php
My impression is that the salt is the string that you can provide to
enable the encryption. In the case of crypt, if you don't provide one,
one will be provided for you.
Perhaps this isn't analogous to your RC4 method, as you are prepending
the random string to the end of the the password and then encrypting...
-Aaron
On Mar 16, 2004, at 11:40 AM, Jim Hendricks wrote:
>> This random alphanumeric string is know as the SALT, correct?
>
> Honestly, you got me there, I'm not sure what SALT is unless your
> talking the condiment. My random alphanumeric string is to be used
> as a key for encryption of other data in the system. If your only need
> is to encrypt the user passwords, then this random alphanumeric
> string is of no benefit to you.
More information about the talk
mailing list