[英]MySQL ENCRYPT password but how to DECRYPT?
I am going through this tutorial and I am using the ENCRYPT MySQL function. 我正在阅读本教程,并且正在使用ENCRYPT MySQL函数。
http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/ http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/
But now I have the problem of how to decrypt the encrypted password in MySQL or in php? 但是现在我有一个问题,如何在MySQL或php中解密加密的密码? I want to compare if the password entered is the same as the encrypted one.
我想比较一下输入的密码是否与加密的密码相同。
How can I compare it? 我该如何比较? MySQL must be encrypted with the ENCRYPT function!
MySQL必须使用ENCRYPT函数加密!
I am searching but I can not find anything how to decrypt the ENCRYPT MySQL function... 我正在搜索,但找不到任何如何解密ENCRYPT MySQL函数的信息...
ENCRYPT
is using a one way hash algorithm there is no DECRYPT
.. That's the sense of enrypting passwords: a hacker should have no option to see the clear text passwords. ENCRYPT
使用的是一种单方法哈希算法,没有DECRYPT
..这就是加密密码的含义:黑客不应选择查看明文密码。
When you need to compare a password in db with one a user has entered, use a query like this (using prepared queries) 当您需要将db中的密码与用户输入的密码进行比较时,请使用这样的查询(使用准备好的查询)
SELECT * FROM `user`
WHERE `name` = 'hek2mgl`
AND `password` = ENCRYPT('user_input', `password`)
The ENCRYPT
function will output a "salted" string prefixed with the salt itself, so feeding it back the encrypted password will re-supply the original salt. ENCRYPT
函数将输出以盐本身为前缀的“盐渍”字符串,因此将加密的密码反馈给它将重新提供原始盐。
You can't decrypt the password - it is encrypted with one-way encryption. 您无法解密密码-该密码已通过单向加密进行了加密。
What you need to do is encrypt the entered password and compare the result with the stored encrypted password. 您需要做的是加密输入的密码,并将结果与存储的加密密码进行比较。
you don't need to DECRYPT the password. 您不需要解密密码。 In order to check if a user submitted the correct password, just RE-ENCRYPT the password given by the user and check if it matches the one stored in your database.
为了检查用户是否提交了正确的密码,只需重新加密用户提供的密码,然后检查它是否与数据库中存储的密码匹配。
Moreoever, a simple hash function will suffice (avoid MD5 and make use of salt to prevent dictionary or rainbow-tables attacks!) 而且,简单的哈希函数就足够了(避免使用MD5,并使用盐来防止字典或彩虹表攻击!)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.