用 PHP 中的 crypt() 比较密码

时间:2023-01-18
本文介绍了用 PHP 中的 crypt() 比较密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要了解此功能的基础知识.对于河豚算法,php.net 文档指出:

I need to get the basics of this function. The php.net documentation states, for the blowfish algorithm, that:

Blowfish 用盐散列如下:$2a$",一个两位数的成本参数,$",以及来自字母表./0-9A-Za-z"的 22 个基数 64 位.在盐中使用此范围之外的字符将导致 crypt() 返回零长度字符串

Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base 64 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string

因此,根据定义,这不应该起作用:

So this, by definition, should not work:

echo crypt('rasmuslerdorf', '$2a$07$usesomadasdsadsadsadasdasdasdsadesillystringforsalt$');

然而,它吐出来了:

$2a$07$usesomadasdsadsadsadaeMTUHlZEItvtV00u0.kb7qhDlC0Kou9e

crypt() 似乎将盐本身的长度减少到 22.有人可以解释一下吗?

Where it seems that crypt() has cut the salt itself to a length of 22. Could somebody please explain this?

这个功能的另一个我无法理解的方面是当他们使用 crypt() 来比较密码时.http://php.net/manual/en/function.crypt.php(看看例子.#1).这是否意味着如果我使用相同的盐来加密所有密码,我必须先对其进行加密?即:

Another aspect of this function I can't get my head around is when they use crypt() to compare passwords. http://php.net/manual/en/function.crypt.php (look at ex. #1). Does this mean that if I use the same salt for all encrypting all my passwords, I have to crypt it first? ie:

$salt = "usesomadasdsadsadsadae";
$salt_crypt = crypt($salt);

if (crypt($user_input, $salt) == $password) {
   // FAIL WONT WORK
}

if (crypt($user_input, $salt_crypt) == $password) {
   // I HAVE TO DO THIS?
}    

感谢您的时间

推荐答案

以下代码示例可能会回答您的问题.

Following code example may answer your questions.

要使用 Blowfish 生成散列密码,您首先需要生成一个盐,它以 $2a$ 开头,然后是迭代计数和 22 个 Base64 字符串字符.

To generate hashed password using Blowfish, you first need to generate a salt, which starts with $2a$ followed by iteration count and 22 characters of Base64 string.

$salt = '$2a$07$usesomadasdsadsadsadasdasdasdsadesillystringfors';
$digest = crypt('rasmuslerdorf', $salt);

将整个 $digest 存储在数据库中,它包含盐和摘要.

Store the whole $digest in database, it has both the salt and digest.

比较密码时,就这样做,

When comparing password, just do this,

  if (crypt($user_input, $digest) == $digest)

您将摘要作为盐重用.crypt 从算法标识符中知道盐的长度.

You are reusing the digest as salt. crypt knows how long is the salt from the algorithm identifier.

这篇关于用 PHP 中的 crypt() 比较密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

上一篇:任何人都可以访问我的 PHP 源代码吗? 下一篇:Mcrypt js 加密值与 PHP 生成的不同 mcrypt/Mcrypt JS 解

相关文章

最新文章