Registration / Login

Set your encryption key

First we need a "salt": a random piece of data that we combine with every password before hashing it. We’ll use CodeIgniter’s 'encryption_key' config item to store this.

This should be 32 characters long and mix upper- and lowercase letters with numbers for good measure. Example:

$config['encryption_key'] = "NeO5C88iv7uo09U2E20iJF0iUiz8R9zm";

Salting function

Now that we have our encryption key set, we build a little function for ‘prepping’ the password before we insert/select it from the database.

What happens here is that the password we save is hashed with the sha1() function. Inside this function we also append our key to the password (after the password), so that we don’t end up with the 'standard' hash for that string.

This way, we avoid dictionary attacks that rely on precomputed hashes of common passwords.

function prepare_password($password)
{
    return sha1($password . $this->config->item('encryption_key'));
}
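
The key above is the same for every user and sha1() is fast, so two users who pick the same password end up with the same stored value. The following added example (not the tutorial's code) shows that next to PHP's built-in password_hash()/password_verify(), which salt each password individually; the names prepare_password_sha1() and check_password(), the sample passwords, and the use of the key as an HMAC pepper are assumptions made for illustration.

```php
<?php
// Added example, not the tutorial's code. $key stands in for
// $this->config->item('encryption_key'); the value is the sample from this page.
$key = 'NeO5C88iv7uo09U2E20iJF0iUiz8R9zm';

// The tutorial's scheme: one fast SHA-1 pass, same key for every user.
function prepare_password_sha1(string $password, string $key): string
{
    return sha1($password . $key);
}

// Hypothetical replacement: the key is mixed in with HMAC-SHA256, then
// password_hash() adds a random per-password salt and a slow hash.
function prepare_password(string $password, string $key): string
{
    // 64 hex characters, safely under bcrypt's 72-byte input limit.
    $peppered = hash_hmac('sha256', $password, $key);
    return password_hash($peppered, PASSWORD_DEFAULT);
}

// The salt is stored inside $stored, so verification needs only the key.
function check_password(string $password, string $stored, string $key): bool
{
    return password_verify(hash_hmac('sha256', $password, $key), $stored);
}

// Constructed sample: two users who picked the same password.
$alice = 'letmein123';
$bob   = 'letmein123';

// Static key only: both users get an identical stored value.
echo "sha1 + key, same stored value: ";
var_dump(prepare_password_sha1($alice, $key) === prepare_password_sha1($bob, $key));

// Per-password salt: stored values differ, yet each one still verifies.
$a = prepare_password($alice, $key);
$b = prepare_password($bob, $key);
echo "password_hash, same stored value: ";
var_dump($a === $b);
echo "correct password verifies: ";
var_dump(check_password('letmein123', $a, $key));
echo "wrong password verifies: ";
var_dump(check_password('wrong-guess', $a, $key));
```

With this scheme the login code looks the user up by name and calls check_password() on the stored value, because the hash can no longer be recomputed for use in a WHERE clause.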
