How strong do salts need to be?

At the moment I use this function to generate a "unique" salt upon user registration:

$salt = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), 0, 12);

I then hash it with sha1 along with the password.

What do you think?

PS. I'm not planning on getting MySpace big.

A: 

How strong a salt is all depends on how worried you are about security. You could simply salt it with the username (not very strong), or you could generate a unique salt for each user, as you did.

If you're really worried, you could also create an encryption key, and encrypt each of these.

The more you add to it, the stronger it will be, obviously. It's all just how worried about security you are.

You could try adding some special characters to that salt and it would be a lot stronger.

John
A: 

Salt lengths of 12 characters or more are difficult to crack, but you can easily make your salts stronger by using other characters too, i.e. upper case letters and special characters.

You are already salting your hash and ensuring each record has its own individual salt, which is very important.

Jon Winstanley
Ah, I remember that gongshow of a blog post - the most useful information in it is the link to matasano at the end which he added as an update.
Aaronaught
Yes, it's a very long post for something that can be avoided by simply salting.
Jon Winstanley
+2  A: 

When it comes to security it's not really an issue of how strong your salt is, it's an issue of how computationally expensive the hashing function is. SHA1 and MD5 are cheap. If you're going to stick with fast (weak) hashing functions - and this may be perfectly acceptable for small sites, I don't mean to imply otherwise - then I wouldn't worry about just how cryptographically-random the salt is. As long as it's random, it'll serve its purpose of eliminating precisely one attack vector (rainbow tables).

Aaronaught
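
Added example, not part of the original thread or of any answer: a PHP sketch of the point made in the answer above, that the cost of the hash function matters more than the salt's alphabet. It draws the salt from `random_bytes()` and compares salted SHA-1 with `password_hash()` (bcrypt); the function names, the sample password and the cost of 12 are assumptions chosen for illustration, and PHP 7.4+ is assumed.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// Salted SHA-1 as in the question, but with the salt taken from the CSPRNG
// instead of str_shuffle().
function sha1_salted(string $password): array
{
    $salt = bin2hex(random_bytes(16));            // 128-bit salt, unique per user
    return ['salt' => $salt, 'hash' => sha1($salt . $password)];
}

// Slow, salted hash: password_hash() generates its own random salt and stores
// it, together with the cost, inside the returned string.
function slow_hash(string $password, int $cost = 12): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Average wall-clock seconds for one call of $fn over $n runs.
function seconds_per_call(callable $fn, int $n): float
{
    $start = microtime(true);
    for ($i = 0; $i < $n; $i++) {
        $fn();
    }
    return (microtime(true) - $start) / $n;
}

$password = 'correct horse battery staple';      // constructed sample input

$fast = sha1_salted($password);
$slow = slow_hash($password);

// Verification at login: recompute for SHA-1, password_verify() for bcrypt.
var_dump(hash_equals($fast['hash'], sha1($fast['salt'] . $password)));
var_dump(password_verify($password, $slow));
var_dump(password_verify('wrong guess', $slow));

// The same password hashed twice gives different strings (fresh salt each time).
var_dump(slow_hash($password) !== $slow);

// Cost of checking one candidate password against one stored record.
$tFast = seconds_per_call(fn() => sha1($fast['salt'] . $password), 100000);
$tSlow = seconds_per_call(fn() => password_verify($password, $slow), 5);
printf("sha1:   %.2e s per check\nbcrypt: %.2e s per check (about %.0fx slower)\n",
    $tFast, $tSlow, $tSlow / $tFast);
```

The salt is equally random in both cases; only the per-check cost differs, and that is the number that limits how fast a leaked table can be tested offline.
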
A: 

Any sufficiently random salt is strong "enough". The more randomness and more characters your salt has, the better for the hash, but anything that's several characters long and random works.

Here's some interesting links on password security:

gabrielk
+1  A: 

The method of shuffling characters and taking the first 12 is equivalent to picking (without repetitions) 12 characters when the order matters. You have 36!/(36-12)! ≈ 2^59 possible ways of doing this.

If you pick all 12 elements (with possible repetitions) from the set of 36 letters, there are 36^12 ≈ 2^62 possible ways of doing it.

So in the method you used you end up with around 59 bits of entropy. I would say it's sufficient for any application and gives only 8 times fewer combinations than picking elements with repetitions.

Krystian
A: 

The purpose of random salts is to ensure that a simple rainbow table won't work to decrypt the passwords, should the database table be leaked. If each record has its own salt, a new rainbow table would be needed for every single row.

Your shuffling approach is fine. The main point is for the salts to be DIFFERENT for each record, so that a single rainbow table won't compromise the whole table of passwords. The "strength" of the salts isn't as important.

raviv