MD5, Salt and password encryption?
Here I'll talk about my personal opinion on MD5 password encryption, and I hope it helps you.
First, a simple overview of MD5 and Salt. So what is MD5? What is Salt?
MD5 is a cryptographic hash function producing a 128-bit hash value, typically expressed in text format as a 32-digit hexadecimal number. This concept may be a little confusing. Put more simply, in PHP, md5 is just a function which converts/encrypts a string into a 32-digit hexadecimal number.
For example, md5(123456) gives:

e10adc3949ba59abbe56e057f20f883e

Remember that identical strings converted/encrypted by md5 always give the same result. It is also one-way: we cannot decrypt the hexadecimal value back to the original string. Some websites, such as http://www.md5cracker.org/, decrypt an MD5 hexadecimal value by comparing it with their available library.

How about Salt? A salt is random data; it can be a random string containing random characters from the alphabet (a-z and A-Z, where upper case and lower case are different). Implementing a salt is very simple: all you need to do is pick random characters and combine them.

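// Characters a salt can be built from (a-z and A-Z).
$str="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
// Pick three random positions in $str (indexes 0 to 51); random_int() uses the system CSPRNG.
$s1=random_int(0,51);
$s2=random_int(0,51);
$s3=random_int(0,51);
// Join the three chosen characters into the salt.
$salt=$str[$s1].$str[$s2].$str[$s3];
echo $salt;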

In this code, I generate a salt with 3 characters. If you want more, simply add more $s variables to this code.

Secondly, I'll talk about the secure password. Here is the password formula.

password = md5( input_password + salt + email)

You may be curious about why this formula is used. Well, as I said before, the md5 function is one-way. It cannot be decrypted except by comparing with available data. So if we make our original string complicated, there is no way the md5 can be decrypted. Let's take a simple example.

  • My desired password will be 123456 (the all-time popular password).
  • The salt generated by the code above is glk.
  • And my email is [email protected] (a unique email).

Then I combine the 3 strings above: [email protected]. This string is completely unique, and I'm sure it has never been available on any md5cracker website.
So as you see, your password is completely secure and no one knows your original password. This is what we call MD5 password encryption.

HOW CAN WE MAKE A SECURE LOGIN?

Certainly, we must save the salt in our database.

So each time a login happens, we simply get the salt from the database, apply the formula, and compare the result with the saved password.
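
The registration and login flow described above, as an added example that is not code from the original post; the function names, the in-memory $db array and the sample e-mail address are assumptions made for illustration. It goes one step beyond the post: because MD5 is very fast to compute, the block also stores and checks the same password with PHP's built-in password_hash() and password_verify(), which generate the salt themselves and use a deliberately slow algorithm.

```php
<?php
// Added example: names, the in-memory "database" and sample values are constructed.

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Build a salt of $length letters, as in the post, using the system CSPRNG.
function make_salt(int $length = 3): string {
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= ALPHABET[random_int(0, strlen(ALPHABET) - 1)];
    }
    return $salt;
}

// The post's formula: password = md5(input_password + salt + email).
function md5_scheme(string $password, string $salt, string $email): string {
    return md5($password . $salt . $email);
}

// Registration: keep the salt next to the hash so login can repeat the formula.
function register(array &$db, string $email, string $password): void {
    $salt = make_salt();
    $db[$email] = [
        'salt'     => $salt,
        'md5'      => md5_scheme($password, $salt, $email),
        // Hardened form: algorithm, cost and salt are embedded in the returned string.
        'hardened' => password_hash($password, PASSWORD_DEFAULT),
    ];
}

// Login with the post's scheme: fetch salt, recompute, compare in constant time.
function login_md5(array $db, string $email, string $password): bool {
    if (!isset($db[$email])) {
        return false;
    }
    $row = $db[$email];
    return hash_equals($row['md5'], md5_scheme($password, $row['salt'], $email));
}

// Login with the hardened form: password_verify() reads the salt from the stored hash.
function login_hardened(array $db, string $email, string $password): bool {
    return isset($db[$email]) && password_verify($password, $db[$email]['hardened']);
}

$db = [];
register($db, 'alice@example.com', '123456'); // constructed sample account
var_dump(login_md5($db, 'alice@example.com', '123456'));
var_dump(login_md5($db, 'alice@example.com', 'wrong'));
var_dump(login_hardened($db, 'alice@example.com', '123456'));
```
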
That's all. I hope it helps you.
PS: I know this post should be written in better English, but I'm trying to improve my English knowledge, so if you find something wrong, please tell me. Thanks!