Bcrypt: what do salt and cost mean?

I've always used MD5 to encrypt passwords, but I've read that it shouldn't be used anymore and that bcrypt should be used instead.

I'm using zendframework 2 where I found it describes bcrypt configurations like this:

use Zend\Crypt\Password\Bcrypt;

$bcrypt = new Bcrypt(array(
    'salt' => 'random value', // salt option (omit it and the class generates a random salt for each hash)
    'cost' => 11              // work factor: bcrypt runs 2^cost rounds, so each +1 doubles the time
));

What is salt and what is the cost? and how can they be used?

+3




1 answer


Salt is random text added to the string to be hashed. For example, you don't hash my_secret_password; you hash something like 1jfSLKe$*@SL$#)(Sslkfs$34:my_secret_password. The reason for this is that it makes it difficult to set up a rainbow table to brute-force passwords, even if the entire database of hashed passwords is stolen. If each password has a different salt, only the weakest passwords will be at risk (for example "password" or "123456", which you should disallow).

Cost is a measure of how many times to run the hash, i.e. how slow it is. You want it to be slow. Again, this is an extra layer of security in case the hashed passwords are stolen: it makes brute force prohibitively expensive.



You can read a good description here: https://security.stackexchange.com/a/51983/35405

+8


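The following is an added example, not code from the question or the answer above. It uses PHP's built-in password_hash()/password_verify() (PHP 5.5+), which produce bcrypt hashes of the same $2y$ form as Zend\Crypt\Password\Bcrypt, to make the two answers concrete: each call salts the password afresh, so the same password hashes to different strings; the salt and the cost are stored inside the hash, so verification needs nothing else; and the cost sets how long each hash takes, for you and for an attacker. The timing loop and the verifyAndUpgrade() helper are my own constructions, and the cost values are chosen for illustration.

```php
<?php
// Added example (not from the original question or answer).
// Assumes PHP >= 5.5 with the built-in bcrypt backend of password_hash().
declare(strict_types=1);

$password = 'my_secret_password'; // constructed sample input

// 1. Salt: hashing the SAME password twice gives two different strings,
//    because password_hash() draws a fresh random 16-byte salt on each call.
//    A rainbow table built for one salt is useless against every other user.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
printf("hash A: %s\nhash B: %s\n", $hashA, $hashB);
printf("same password, different hashes: %s\n", $hashA !== $hashB ? 'yes' : 'no');

// The stored string is self-describing: "$2y$" = bcrypt, "11" = cost,
// then 22 characters of salt followed by the 31-character hash.
$info = password_get_info($hashA);
printf("cost recorded in hash A: %d\n", $info['options']['cost']);

// 2. Verification re-reads salt and cost from the stored string, so you store
//    only the hash; neither salt nor cost has to be kept in a separate column.
var_dump(password_verify($password, $hashA));        // bool(true)
var_dump(password_verify($password, $hashB));        // bool(true)
var_dump(password_verify('wrong_password', $hashA)); // bool(false)

// 3. Cost: bcrypt runs 2^cost rounds, so each +1 doubles the time.
//    Measure on the hardware that will run logins and pick the highest value
//    users will tolerate (tens to a few hundred milliseconds is typical).
foreach ([4, 8, 10, 11, 12] as $cost) {
    $start = microtime(true);
    password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    printf("cost %2d: %7.1f ms\n", $cost, (microtime(true) - $start) * 1000);
}

// 4. Because the cost travels with the hash, it can be raised later: on the
//    next successful login, rehash with the new cost and store the result.
//    Returns the hash to store, or null if the password was wrong.
function verifyAndUpgrade(string $password, string $storedHash, int $targetCost): ?string
{
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => $targetCost]);
    }
    return $storedHash; // already at the target cost, nothing to change
}

$oldHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 8]);
$newHash = verifyAndUpgrade($password, $oldHash, 11);
printf("old hash rehashed at cost 11: %s\n", ($newHash !== null && $newHash !== $oldHash) ? 'yes' : 'no');
```

With the Zend Framework 2 class from the question the equivalents are $bcrypt->create($password) to hash and $bcrypt->verify($password, $hash) to check. Note that the 'salt' option there fixes one salt for every password the object creates, which is exactly what the answer's "each password has a different salt" argues against; leaving it out lets the class generate a random salt per call, which is the setting you want in practice (the class also rejects salts shorter than 16 bytes, so the 12-character placeholder in the question would need to be longer in any case).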