How To Use Salts and md5 in PHP

The MD5 hashing algorithm gets bad press because “it’s insecure”. This post is not about that; MD5 is a hashing algorithm and is a good way of generating a representation of something, without actually needing the thing itself. I was asked about its use the other day so I thought I’d blog it.

One problem with MD5 is that a given input always generates the same output. It is therefore possible to generate a table of all (likely) values and their resulting MD5s, then use it as a lookup to find the input that produces a given result; these are “rainbow tables”. As with choosing a password, using a commonly available piece of data (like an integer) means there is probably a rainbow table that contains it. Salting makes it less likely that such a lookup is available, and in PHP you would do something like this:

$salt = 'myrandomstring';
$hashed_value = md5($salt.$value);
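
As an added example (not code from the original post), the script below builds a small lookup table of unsalted MD5s and shows that a salted hash of the same input is not found in it. It goes one step beyond the fixed salt above by generating a random salt per value and storing it beside the hash; the function names and the sample value are assumptions made for illustration.

```php
<?php
// Added example: all values are constructed, all function names are illustrative.
// For password storage specifically, PHP's built-in password_hash() generates
// and embeds a salt for you; this script only illustrates the lookup-table point.

// Precompute md5 for every "likely" input, here the integers 0..$max.
function build_lookup(int $max): array
{
    $table = [];
    for ($i = 0; $i <= $max; $i++) {
        $table[md5((string) $i)] = $i;
    }
    return $table;
}

// Hash with a fresh random salt per value; the salt is kept beside the hash.
function salted_md5(string $value): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => md5($salt . $value)];
}

// Recompute with the stored salt and compare in constant time.
function verify_salted(string $value, array $record): bool
{
    return hash_equals($record['hash'], md5($record['salt'] . $value));
}

$table = build_lookup(99999);
$value = '4242'; // constructed sample: a commonly available piece of data

// Unsalted: the hash is a key in the table, so the lookup returns the input.
var_dump($table[md5($value)] ?? null);

// Salted: same input, but the hash is not a key in the precomputed table.
$record = salted_md5($value);
var_dump(isset($table[$record['hash']]));

// A second record for the same input gets a different salt and hash,
// so a table built for one salt does not cover the other.
$other = salted_md5($value);
var_dump($record['hash'] === $other['hash']);

// Checking a candidate value still works because the salt is stored.
var_dump(verify_salted($value, $record));
var_dump(verify_salted('4243', $record));
```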

One thought on “How To Use Salts and md5 in PHP”

  1. Having been involved in quite a few service-related activities in the last year or so, I’ve been having a few thoughts about what I’ve learned from this and what decisions I make when designing a service. Hopefully there will be a few of these posts – bu
