How To Use Salts and md5 in PHP

The MD5 hashing algorithm gets bad press because “it's insecure”. This post is not about that; MD5 is a hashing algorithm and is a good way of generating a representation of something, without actually needing the thing itself. I was asked about its use the other day so I thought I’d blog it.

One problem with MD5 is that a given input always generates the same output. It is therefore possible to generate a table of all (likely) values and their resulting MD5s, then use it as a lookup to find out which input produces a given result – these are “rainbow tables”. As with choosing a password, hashing a commonly used piece of data (like an integer) means that there is probably a rainbow table that contains it. Salting makes it less likely that a ready-made reverse lookup is available, and in PHP you would do something like this:

// The salt is prepended to the value before hashing.
$salt = 'myrandomstring';
$hashed_value = md5($salt . $value);
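
An added example (not part of the original post) that goes a step beyond the snippet above: it builds the kind of lookup table described, shows it reversing an unsalted md5 of an integer, then uses a random salt per value, stored beside the hash. The function names, the `salt:hash` record format and the sample value are assumptions made for illustration.

```php
<?php
// Added example; function names, record format and values are constructed.

// Precompute md5(value) => value for a small, likely input space (integers).
function build_lookup_table(int $max): array
{
    $table = [];
    for ($i = 0; $i <= $max; $i++) {
        $table[md5((string) $i)] = $i;
    }
    return $table;
}

// Hash with a fresh random salt per value; the salt is stored with the hash.
function salted_md5(string $value): string
{
    $salt = bin2hex(random_bytes(16));
    return $salt . ':' . md5($salt . $value);
}

// Recompute with the stored salt and compare in constant time.
function verify_salted_md5(string $value, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false; // malformed record
    }
    return hash_equals($parts[1], md5($parts[0] . $value));
}

$table  = build_lookup_table(9999);
$secret = '4242'; // constructed sample value

// Unsalted: the precomputed table maps the hash straight back to the input.
var_dump($table[md5($secret)] ?? null);

// Salted: the hash part of the record is not in the table.
$stored = salted_md5($secret);
var_dump($table[explode(':', $stored, 2)[1]] ?? null);

// The same value salted twice yields different records; both still verify.
$again = salted_md5($secret);
var_dump($stored !== $again);
var_dump(verify_salted_md5($secret, $stored), verify_salted_md5($secret, $again));
var_dump(verify_salted_md5('4243', $again));
```

For stored passwords specifically, PHP's built-in password_hash() and password_verify() generate and store a per-hash salt for you.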

One thought on “How To Use Salts and md5 in PHP”

  1. Having been involved in quite a few service-related activities in the last year or so, I’ve been having a few thoughts about what I’ve learned from this and what decisions I make when designing a service. Hopefully there will be a few of these posts – bu
