Password Salt Encryption Methods


Brief:

The salted password method is used to resist password cracking. An intruder builds rainbow tables and uses them to recover passwords from stolen hashes. The general idea of a rainbow table is to pre-compute the hashes of every password in a password dictionary and store each hash, together with its corresponding password, in a lookup table data structure.

Example: two users have the same password, and it is stored in the database using the same unsalted method. If the intruder recovers the password of one user, they get the other user's password for free, because both stored values are identical.

How It Works:  

To resist these attacks we use the salted password method. For every user we create one random string, unique to that user, and hash it with the SHA-1 algorithm; that hash is the user's salt key. We take the user's actual password, which has been hashed with MD5, concatenate the two strings, and finally encrypt the combined string with the RSA algorithm using our private key. Then we store both the salt key and the complete encrypted password string in the database.

public function random_string() {
  // Build a random string over [0-9a-z]; its length is set by the RANDOM_GHENERATOR_LENGTH constant
  $key = '';
  $keys = array_merge(range(0, 9), range('a', 'z'));
  for ($i = 0; $i < RANDOM_GHENERATOR_LENGTH; $i++) {
    // random_int() is a CSPRNG; array_rand() is not suitable for generating secrets
    $key .= $keys[random_int(0, count($keys) - 1)];
  }
  // The value used as the salt key is the SHA-1 hash of the random string
  return sha1($key);
}



This function generates a random string, different every time it is called, and returns its SHA-1 hash.

public function createCheckPassword($passwordString, $randomString) {
  // $passwordString is the MD5-hashed password, $randomString the SHA-1 salt key from random_string()
  $passwordWithSalt = $passwordString . $randomString;
  // Encrypt the concatenation with RSA using our private key (encryptRSA is defined elsewhere in the class)
  $passwordWithRSAEncrypt = self::encryptRSA($passwordWithSalt);
  // Both values are stored in the database
  return array("password" => trim($passwordWithRSAEncrypt), "salt" => trim($randomString));
}



To this function we pass the MD5-hashed password and the hashed salt key. We concatenate the two strings and encrypt the result with the RSA algorithm using our private key, then return both the salted, encrypted password and the salt key.

public function comparePassword($password, $dbpassword, $saltkey) {
  // Decrypt the stored value with RSA using our public key (decryptRSA is defined elsewhere in the class)
  $decryptPass = self::decryptRSA($dbpassword);
  // Rebuild the candidate string from the entered (MD5-hashed) password and the stored salt key
  $combinePass = $password . $saltkey;
  // hash_equals() compares in constant time, so the comparison does not leak the match position
  return hash_equals((string) $decryptPass, $combinePass);
}

At login, to authenticate the user, we need to check that the entered password is correct. To do that, we pass the following values to the function above:

$password: entered password
$dbpassword: password stored in database
$saltkey: the salt key stored in database

The function decrypts the database password with the RSA algorithm using our own public key. Then it builds a new string from the entered password and the salt key stored in the database. Finally, it compares the two strings: if they match, the entered password is correct, otherwise it is wrong.
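The whole scheme described above, end to end, as an added example that is not the original post's code. The post never shows encryptRSA/decryptRSA, so they are assumed here to use PHP's openssl extension (openssl_private_encrypt / openssl_public_decrypt); the RSA key pair and the RANDOM_GHENERATOR_LENGTH constant are generated and defined inside the example for the demo.

```php
<?php
// Added example: full register/login flow of the salted-password scheme from the post.
// Assumption: key pair generated here for the demo; a real deployment loads it from secure storage.
const RANDOM_GHENERATOR_LENGTH = 16;

$keyPair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($keyPair, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($keyPair)['key'];

function random_string(): string {
    $key = '';
    $keys = array_merge(range(0, 9), range('a', 'z'));
    for ($i = 0; $i < RANDOM_GHENERATOR_LENGTH; $i++) {
        $key .= $keys[random_int(0, count($keys) - 1)];   // CSPRNG, not array_rand()
    }
    return sha1($key);                                    // the salt key
}

function encryptRSA(string $plain, string $privateKeyPem): string {
    // RSA with the private key, as the post describes; base64 so the result can be stored as text
    if (!openssl_private_encrypt($plain, $cipher, $privateKeyPem)) {
        throw new RuntimeException('RSA encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($cipher);
}

function decryptRSA(string $stored, string $publicKeyPem): string {
    if (!openssl_public_decrypt(base64_decode($stored, true), $plain, $publicKeyPem)) {
        throw new RuntimeException('RSA decrypt failed: ' . openssl_error_string());
    }
    return $plain;
}

function createCheckPassword(string $md5Password, string $salt, string $privateKeyPem): array {
    return ['password' => encryptRSA($md5Password . $salt, $privateKeyPem), 'salt' => $salt];
}

function comparePassword(string $md5Password, string $dbPassword, string $salt, string $publicKeyPem): bool {
    // constant-time comparison of the decrypted stored value against the rebuilt candidate
    return hash_equals(decryptRSA($dbPassword, $publicKeyPem), $md5Password . $salt);
}

// Constructed demo: two users choose the same password; each gets its own salt,
// so the two stored strings differ even though the passwords are identical.
$alice = createCheckPassword(md5('hunter2'), random_string(), $privateKeyPem);
$bob   = createCheckPassword(md5('hunter2'), random_string(), $privateKeyPem);
var_dump($alice['password'] !== $bob['password']);
var_dump(comparePassword(md5('hunter2'), $alice['password'], $alice['salt'], $publicKeyPem));
var_dump(comparePassword(md5('wrong'),   $alice['password'], $alice['salt'], $publicKeyPem));
```

With a 2048-bit key, openssl_private_encrypt accepts at most 245 bytes of input; the 32-byte MD5 hex plus the 40-byte SHA-1 hex is well within that limit.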


Benefits:  

With the salted password method, every stored password becomes a unique string, even when multiple users have chosen the same password. Because every stored value is different, it is much harder for an intruder to crack the passwords with a pre-computed table.
