I'm looking at some code that I have not written myself. The code tries to hash a password with SHA512 and uses just time() as the salt. Is time() too simple a salt for this or is this code safe?
Thanks for the answers and comments. I will sum it up here for the new readers:
random, evenly distributed, high entropy salt? Ok, so how about I replace time() with a random string 32 chars long. The random string could be generated from looping 32 times over a set of alphabet chars. Does that sound good?
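The two salting approaches discussed in the question, side by side, as an added Python example (this is not the questioner's code; it assumes the hash is a single SHA-512 over salt concatenated with the password, and that the "set of alphabet chars" is ASCII letters plus digits). The time()-based salt is written as a function of the timestamp so its behaviour can be checked offline: every account created in the same second receives the same salt, and a salt equal to the creation time is trivially guessable. The 32-character version draws from the alphabet with the `secrets` module, which is a CSPRNG, rather than `random.choice`, whose Mersenne Twister output is predictable.

```python
import hashlib
import hmac
import math
import secrets
import string
import time

# Assumed alphabet for the 32-character salt: 62 symbols.
ALPHABET = string.ascii_letters + string.digits


def salt_from_time(now=None):
    """The pattern in the question: the salt is the current Unix time.

    Takes the timestamp as a parameter so the weakness is reproducible:
    two registrations within the same second get identical salts, and
    the salt is recoverable from the account's creation time.
    """
    if now is None:
        now = time.time()
    return str(int(now))


def random_salt(length=32, alphabet=ALPHABET):
    """The proposed replacement: `length` characters drawn from `alphabet`.

    secrets.choice is used instead of random.choice; the latter is seeded
    from a small state and is not suitable for security-relevant values.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


def salt_entropy_bits(length=32, alphabet=ALPHABET):
    """Entropy of a uniformly chosen salt: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet))


def hash_password(password, salt):
    """Single SHA-512 over salt || password, as the questioned code does."""
    return hashlib.sha512((salt + password).encode("utf-8")).hexdigest()


def verify_password(password, salt, stored_hex):
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(hash_password(password, salt), stored_hex)


def count_distinct_salts(salt_fn, n):
    """How many different salts `n` registrations would receive."""
    return len({salt_fn() for _ in range(n)})


if __name__ == "__main__":
    # Constructed scenario: 100 users register within the same second.
    same_second = 1700000000
    print("distinct time() salts for 100 users in one second:",
          count_distinct_salts(lambda: salt_from_time(same_second), 100))
    print("distinct random salts for 100 users:",
          count_distinct_salts(random_salt, 100))
    print("entropy of a 32-char salt over %d symbols: %.1f bits"
          % (len(ALPHABET), salt_entropy_bits()))
    salt = random_salt()
    digest = hash_password("correct horse battery staple", salt)
    print("verify:", verify_password("correct horse battery staple", salt, digest))
```

The per-user random salt removes the two problems the time() salt has (salt reuse across accounts and predictability of the salt value), so precomputed tables cannot be shared between accounts. It does not change how fast SHA-512 itself is to brute-force; that is the separate job of a deliberately slow password hash such as PBKDF2 (`hashlib.pbkdf2_hmac` in the standard library), which takes the same salt as input.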