Storing a hash of each password instead of the plaintext is a near-mandatory practice. Better still is to mix a salt into the password before hashing it.
A salt is an additional random input, generated separately for each user, that is combined with the password before the hash is computed, so the stored value depends on both. It means two users with the same password end up with different hashes, and it defeats precomputed tables (rainbow tables) of common passwords: anyone who obtains the hashed password list has to attack each entry individually. The salt itself does not need to be secret; it only needs to be unique and unpredictable.
The following code snippet uses the Generate UUID command to generate a salt: a random string of 32 hexadecimal characters. The salt is appended to the original password and the result is passed through a hashing function, here Generate digest with the MD5 Digest algorithm. Keep in mind that MD5 is a fast digest: the salt stops precomputation and cross-user matching, but an attacker holding the table can still test billions of guesses per second against each entry, so a weak password remains guessable. The same pattern works unchanged with a stronger digest such as SHA-256, and a slow, purpose-built password hash should be preferred where one is available.
$password:="password"
$salt:=Generate UUID  // 32 hexadecimal characters, unique per user
$toHash:=$password + $salt  // password first, then salt; validation must use the same order
$hashedPassword:=Generate digest($toHash;MD5 Digest)
When adding a user, store only the user name, the salt and the hashed password; the plaintext password is never written anywhere.
To validate a login, append the stored salt for that user to the submitted password (in the same order used when the hash was created), hash it with the same algorithm, and compare the result with the stored hash. The following code shows an example of validating a user; it assumes the current [users] record has already been selected by user name.
$toHash:=$submittedPass+[users]salt  // same order as at registration: password, then salt
$hashedPassword:=Generate digest($toHash;MD5 Digest)
If ($hashedPassword=[users]hash)
	$match:=True
Else
	$match:=False
End if
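As an added illustration of the register-and-validate flow above, not code from the original page or from 4D: the same scheme in Python, with MD5(password + salt) next to a PBKDF2 variant, plus a model of an attacker holding a precomputed table of unsalted MD5 digests, to show what the salt does and does not buy. `generate_salt` produces a 32-hex-character string to mimic what Generate UUID returns (an assumption about equivalence, not a 4D call); the user names, passwords and wordlist are constructed sample data.

```python
# Added example (not the page's 4D code): salted MD5 as on the page, a
# slow-KDF alternative, and a precomputed-table attacker model.
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000  # assumed tunable cost; raise as hardware allows


def generate_salt() -> str:
    """Per-user random salt: 32 hex characters, the same shape as the
    32-character string 4D's Generate UUID returns (assumed equivalent)."""
    return secrets.token_hex(16)


def md5_salted_hash(password: str, salt: str) -> str:
    """The page's scheme: MD5 over password + salt (in that order), hex-encoded."""
    return hashlib.md5((password + salt).encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt: str) -> str:
    """Slow-KDF alternative: same per-user salt, but each guess costs
    PBKDF2_ITERATIONS rounds of HMAC-SHA256 instead of one MD5 call."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), PBKDF2_ITERATIONS
    ).hex()


SCHEMES = {"md5": md5_salted_hash, "pbkdf2": pbkdf2_hash}


def register(users: dict, username: str, password: str, scheme: str = "md5") -> None:
    """Store only user name, scheme, salt and hash; the plaintext is discarded."""
    salt = generate_salt()
    users[username] = {"scheme": scheme, "salt": salt, "hash": SCHEMES[scheme](password, salt)}


def verify(users: dict, username: str, submitted: str) -> bool:
    """Recompute with the stored salt and scheme, then compare in constant time."""
    rec = users.get(username)
    if rec is None:
        return False
    computed = SCHEMES[rec["scheme"]](submitted, rec["salt"])
    return hmac.compare_digest(computed, rec["hash"])


def precomputed_table_hits(stored_hashes, wordlist) -> list:
    """Model an attacker holding a precomputed table of unsalted MD5 digests
    for a wordlist. Returns the words recovered from the given hashes."""
    table = {hashlib.md5(w.encode("utf-8")).hexdigest(): w for w in wordlist}
    return [table[h] for h in stored_hashes if h in table]


WORDLIST = ["password", "123456", "letmein", "qwerty"]  # constructed sample


def demo() -> dict:
    users: dict = {}
    register(users, "alice", "password")            # constructed sample users
    register(users, "bob", "password")               # same password as alice
    register(users, "carol", "password", "pbkdf2")   # stronger scheme, same flow

    unsalted = hashlib.md5(b"password").hexdigest()  # what an unsalted store would hold
    return {
        "alice_ok": verify(users, "alice", "password"),
        "alice_wrong_case": verify(users, "alice", "Password"),
        "unknown_user": verify(users, "dave", "password"),
        "carol_ok": verify(users, "carol", "password"),
        "same_password_same_hash": users["alice"]["hash"] == users["bob"]["hash"],
        "unsalted_cracked": precomputed_table_hits([unsalted], WORDLIST),
        "salted_cracked": precomputed_table_hits([u["hash"] for u in users.values()], WORDLIST),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the two properties the page relies on: alice and bob share a password but not a hash, and the attacker's precomputed table recovers the unsalted digest of "password" immediately while recovering nothing from the salted records. Storing the scheme name beside the salt is what lets verification pick the right function, which is also how a table can be migrated from MD5 to PBKDF2 one login at a time.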
Using a salt in your password hashing procedure is a small change, but it materially raises the cost of attacking a leaked password table and protects users who share a password with someone else.