There is such a piece of code.

mcrypt_create_iv(22, MCRYPT_DEV_URANDOM); 

I get something like this as output:

 L    \     V: # z    

Please tell me how to fix this?

  • And what was expected? It doesn't seem to say anywhere that it should be an ASCII string - zb
  • What did you want to get? qwerty123 ? - ReinRaus
  • So this is the correct string? - Jeremen1


1 answer

Found a solution. mcrypt_create_iv returns its result in binary form, so to get an ASCII string you need to pass the result through bin2hex.

  • bin2hex for a salt is a bad decision. It is better to use at least uppercase + lowercase + digits. - SilverIce
  • In general, such scrawl is usually wrapped in base64 for meaningful storage (if not kept as a binary file on disk). - SilverIce
  • Hmm... do you understand what you are saying :)? Please tell me why bin2hex for a salt is a bad decision? It does not affect the generated salt at all, it only converts binary data! - Jeremen1
  • @SilverIce can you go into more detail about base64? - zenith
  • @SilverIce I did not understand the first comment, but understood the second one. Thanks. @zenith with base64 your salt will not be stored in the database in clear text, since base64 encodes binary data. When you retrieve the encoded salt, you decode it back with base64 and get your salt. Thus, an attacker who obtains the salt and password hashes will not have the real salt, and in order to find the real salt he will also need to find the algorithm with which the salt is encoded. Although again, if everyone uses base64 for encoding, then he can easily guess what is going on and get the real salt. - Jeremen1
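
As an added example (not code from this thread), the following PHP stores a 22-byte random salt in printable form in the two ways discussed above, bin2hex and base64, and decodes each back to the original bytes. It assumes PHP 7 or later and uses random_bytes() in place of mcrypt_create_iv(), which was removed from PHP core in 7.2; encode_salt() and decode_salt() are hypothetical helper names.

```php
<?php
// Added example, not from the original thread.
// Assumption: PHP 7+; random_bytes() replaces mcrypt_create_iv().

/** Encode raw salt bytes into a printable form for a text column. */
function encode_salt(string $raw, string $format): string
{
    switch ($format) {
        case 'hex':    return bin2hex($raw);
        case 'base64': return base64_encode($raw);
        default:       throw new InvalidArgumentException("unknown format: $format");
    }
}

/** Reverse encode_salt(); rejects malformed stored values instead of guessing. */
function decode_salt(string $stored, string $format): string
{
    if ($format === 'hex') {
        // hex2bin() needs an even number of hex digits
        $valid = strlen($stored) % 2 === 0 && ctype_xdigit($stored);
        $raw = $valid ? hex2bin($stored) : false;
    } elseif ($format === 'base64') {
        $raw = base64_decode($stored, true); // strict mode: false on invalid characters
    } else {
        throw new InvalidArgumentException("unknown format: $format");
    }
    if ($raw === false) {
        throw new UnexpectedValueException("stored salt is not valid $format");
    }
    return $raw;
}

$raw = random_bytes(22); // 22 bytes, the same length as in the question

foreach (['hex', 'base64'] as $format) {
    $stored = encode_salt($raw, $format);
    $back   = decode_salt($stored, $format);
    printf(
        "%-6s stored=%s (%d chars) printable=%s round-trip=%s\n",
        $format,
        $stored,
        strlen($stored),
        preg_match('/^[\x21-\x7e]+$/', $stored) ? 'yes' : 'no',
        hash_equals($raw, $back) ? 'ok' : 'MISMATCH'
    );
}
```

Both encodings carry the same 22 random bytes: the hex form takes 44 characters and the base64 form takes 32.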