Remember my post about MD5 Hashing and Salt? Well, I’ve taken some time to develop a PHP class which makes it very easy to implement dynamic salt when using MD5. This class can be easily expanded or modified to use a different hash function. Take a look at it and let me know if it becomes useful to anyone!

You can download the PasswordWithSalt.class.php file here. I have also set up a VERY simple demo of how this works. I’m still working on developing this, so comments and advice will definitely be useful here.

The following is the rough text and instructions I’ve written for my “readme.txt” file.

The only thing you need to do in order to properly configure this class is set the location where you want to store your salts. For example, in the class set $storageLocation = "/home/user/salts/"; and give permissions for your server to write to that folder (777 will work). I recommend the folder to be one outside your normal webroot.

The following demonstrates how to store salt for your user, then generate the hash using those salts. Don’t forget to store the final hash so you can compare against it later!

<?php
require("PasswordWithSalt.class.php");

// Init the class
$SaltPlease = new PasswordWithSalt();

// Store generated salts for user "admin"
$SaltPlease->storeSalt("admin");

// Get hash for user admin, password is "password"
$hash = $SaltPlease->createHash("admin", "password");
?>

The following demonstrates how to duplicate the hash for a user who already has a salt. $dbhash should be filled with the hash you have stored before.

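<?php
require("PasswordWithSalt.class.php");

// Init the class
$SaltPlease = new PasswordWithSalt();

// Get hash for user admin, password is "password"
$hash = $SaltPlease->createHash("admin", "password");

// $dbhash must already hold the hash you stored earlier.
// Check whether the generated hash matches it. hash_equals() compares the
// strings byte for byte; a loose == treats digests such as "0e1234..." as numbers.
if (hash_equals($dbhash, $hash)) {
    echo "Password Hashes Match.";
} else {
    echo "Password Hashes DO NOT Match";
}
?>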
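
Why the digest check above should use hash_equals() rather than a loose ==, followed by the same store-and-verify flow with a different hash function. This is an added example, not code from PasswordWithSalt.class.php; it uses only PHP built-ins (PHP 5.6 or later), and the two MD5 inputs are the widely published "magic hash" strings.

```php
<?php
// Added example; independent of PasswordWithSalt.class.php.

// Two different inputs whose MD5 digests both have the form "0e" + digits only.
$stored    = md5('240610708');
$candidate = md5('QNKCDZO');

// Loose comparison: PHP sees two numeric strings in exponent notation and
// compares them as floats, so it does not compare the digests character by character.
$looseMatch = ($stored == $candidate);

// hash_equals() compares the strings byte for byte, in constant time.
$strictMatch = hash_equals($stored, $candidate);

printf("stored      %s\ncandidate   %s\n", $stored, $candidate);
printf("==          reports match: %s\n", var_export($looseMatch, true));
printf("hash_equals reports match: %s\n", var_export($strictMatch, true));

// Same flow with PHP's built-in password API instead of MD5.
// password_hash() generates a fresh random salt on every call and embeds
// it, with the algorithm and cost, in the returned string, so a single
// stored value replaces both the salt file and the hash.
$record = password_hash('password', PASSWORD_DEFAULT); // store this string

// At login, password_verify() re-derives the hash using the embedded salt
// and performs the comparison itself.
foreach (array('password', 'Password') as $attempt) {
    printf("%-9s verifies: %s\n", $attempt,
        var_export(password_verify($attempt, $record), true));
}

// After a successful login, re-hash if the stored record was created with
// an older algorithm or cost than the current default.
if (password_needs_rehash($record, PASSWORD_DEFAULT)) {
    $record = password_hash('password', PASSWORD_DEFAULT);
}
```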