crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash function [closed]

Question

I'm getting the following password error. I have PHP 7.2 variant(to php version 5.5 does not appear to me this problem ), the following code :

function make_key($length)
{
    $valid_chars = 'abcdefghijkilmnoprstwxyzABCDEFGHIJKMNOPRSTWXYZIL0123456789';
    $random_string = "";
    $num_valid_chars = strlen($valid_chars);
    for ($i = 0; $i < $length; $i++)
    {
        $random_pick = mt_rand(1, $num_valid_chars);
        $random_char = $valid_chars[$random_pick-1];
        $random_string .= $random_char;
    }
    return $random_string;
}

/**
 * Generate random coupon code
 * @param int $length
 * @return string
 */
function generate_code($length=6)
{
    // Generate array range
    $range = array_merge(range('A', 'Z'), range(0, 9));

    $keyCount = count($range) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $rand = mt_rand(0, $keyCount);
        $code .= $range[$rand];
    }
    return $code;
}

/**
 * Generates a random SHA-256 salt ($5$)
 * @return string
 */
function generate_salt() {
    return '$5$'.substr(crypt(uniqid()), 3, 13);
}

i eperire appears to : return '$5$'.substr(crypt(unigid()), 3, 13); , can you help me how I can strengthen this code so I don't have any more problems? Thanks

Answer 1

The salt parameter is optional. However, crypt() creates a weak hash without the salt, and raises an E_NOTICE error without it. Make sure to specify a strong enough salt for better security.

function generate_salt($len = 8) {
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`~!@#$%^&*()-=_+';
$l = strlen($chars) - 1;
$str = '';
for ($i = 0; $i<$len; ++$i) {
    $str .= $chars[rand(0, $l)];
}
return $str;

}

$generate_salt = generate_salt($len = 8); $str = "$5$" . $generate_salt . "$"; $c = crypt(uniqid(), $str); echo $c; // $5$ot6wbbf+$wtwWCC8wmE01cNeHGGLMGqkWqiDWyHWfdXQvEOLI7.5

This is correct way to generate salt for crypt function.

Answer 2

I would suggest you use/ or move to/ password_hash() and password_verify() functions.

Crypt is not Binary safe..