用 PHP 中的 crypt() 比较密码

Comparing passwords with crypt() in PHP(用 PHP 中的 crypt() 比较密码)
本文介绍了用 PHP 中的 crypt() 比较密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我需要了解此功能的基础知识.对于河豚算法,php.net 文档指出:

I need to get the basics of this function. The php.net documentation states, for the blowfish algorithm, that:

Blowfish 用盐散列如下:$2a$",一个两位数的成本参数,$",以及来自字母表./0-9A-Za-z"的 22 个基数 64 位.在盐中使用此范围之外的字符将导致 crypt() 返回零长度字符串

Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base 64 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string

因此,根据定义,这不应该起作用:

So this, by definition, should not work:

echo crypt('rasmuslerdorf', '$2a$07$usesomadasdsadsadsadasdasdasdsadesillystringforsalt$');

然而,它吐出来了:

$2a$07$usesomadasdsadsadsadaeMTUHlZEItvtV00u0.kb7qhDlC0Kou9e

crypt() 似乎将盐本身的长度减少到 22.有人可以解释一下吗?

Where it seems that crypt() has cut the salt itself to a length of 22. Could somebody please explain this?

这个功能的另一个我无法理解的方面是当他们使用 crypt() 来比较密码时.http://php.net/manual/en/function.crypt.php(看看例子.#1).这是否意味着如果我使用相同的盐来加密所有密码,我必须先对其进行加密?即:

Another aspect of this function I can't get my head around is when they use crypt() to compare passwords. http://php.net/manual/en/function.crypt.php (look at ex. #1). Does this mean that if I use the same salt for all encrypting all my passwords, I have to crypt it first? ie:

$salt = "usesomadasdsadsadsadae";
$salt_crypt = crypt($salt);

if (crypt($user_input, $salt) == $password) {
   // FAIL WONT WORK
}

if (crypt($user_input, $salt_crypt) == $password) {
   // I HAVE TO DO THIS?
}    

感谢您的时间

推荐答案

以下代码示例可能会回答您的问题.

Following code example may answer your questions.

要使用 Blowfish 生成散列密码,您首先需要生成一个盐,它以 $2a$ 开头,然后是迭代计数和 22 个 Base64 字符串字符.

To generate hashed password using Blowfish, you first need to generate a salt, which starts with $2a$ followed by iteration count and 22 characters of Base64 string.

$salt = '$2a$07$usesomadasdsadsadsadasdasdasdsadesillystringfors';
$digest = crypt('rasmuslerdorf', $salt);

将整个 $digest 存储在数据库中,它包含盐和摘要.

Store the whole $digest in database, it has both the salt and digest.

比较密码时,就这样做,

When comparing password, just do this,

  if (crypt($user_input, $digest) == $digest)

您将摘要作为盐重用.crypt 从算法标识符中知道盐的长度.

You are reusing the digest as salt. crypt knows how long is the salt from the algorithm identifier.

这篇关于用 PHP 中的 crypt() 比较密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

Facebook Login with Strict Mode for Redirect URIs(使用重定向 URI 的严格模式登录 Facebook)
How to retrieve post ID for a post i#39;ve just made via the Facebook API(如何检索我刚刚通过 Facebook API 发布的帖子的帖子 ID)
Facebook PHP SDK logout(Facebook PHP SDK 注销)
Facebook SDK and Graph API Comment Deleting Error(Facebook SDK 和 Graph API 评论删除错误)
PHP amp; Facebook: facebook-debug a URL using CURL and Facebook debugger(PHP amp;Facebook: facebook-debug a URL using CURL and Facebook debugger)
Can#39;t delete photo via Facebook API?(无法通过 Facebook API 删除照片?)