堆栈内存溢出
  简体   繁体   English

MySQL ENCRYPT密码但是如何解密?

[英]MySQL ENCRYPT password but how to DECRYPT?

 原文  2013-05-10 15:39:33       php/ mysql

问题描述

I am going through this tutorial and I am using the ENCRYPT MySQL function. 我正在阅读本教程,并且正在使用ENCRYPT MySQL函数。

http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/ http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/

But now I have the problem of how to decrypt the encrypted password in MySQL or in php? 但是现在我有一个问题,如何在MySQL或php中解密加密的密码? I want to compare if the password entered is the same as the encrypted one. 我想比较一下输入的密码是否与加密的密码相同。

How can I compare it? 我该如何比较? MySQL must be encrypted with the ENCRYPT function! MySQL必须使用ENCRYPT函数加密!

I am searching but I can not find anything how to decrypt the ENCRYPT MySQL function... 我正在搜索,但找不到任何如何解密ENCRYPT MySQL函数的信息...

3 个解决方案

解决方案1
 14  2013-05-10 15:42:05

ENCRYPT is using a one way hash algorithm there is no DECRYPT .. That's the sense of enrypting passwords: a hacker should have no option to see the clear text passwords. ENCRYPT使用的是一种单方法哈希算法,没有DECRYPT ..这就是加密密码的含义:黑客不应选择查看明文密码。

When you need to compare a password in db with one a user has entered, use a query like this (using prepared queries) 当您需要将db中的密码与用户输入的密码进行比较时,请使用这样的查询(使用准备好的查询) 

SELECT * FROM `user`
WHERE `name` = 'hek2mgl` 
  AND `password` = ENCRYPT('user_input', `password`)

The ENCRYPT function will output a "salted" string prefixed with the salt itself, so feeding it back the encrypted password will re-supply the original salt. ENCRYPT函数将输出以盐本身为前缀的“盐渍”字符串,因此将加密的密码反馈给它将重新提供原始盐。

解决方案2
 4  2013-05-10 15:41:54

You can't decrypt the password - it is encrypted with one-way encryption. 您无法解密密码-该密码已通过单向加密进行了加密。

What you need to do is encrypt the entered password and compare the result with the stored encrypted password. 您需要做的是加密输入的密码,并将结果与​​存储的加密密码进行比较。

解决方案3
 0  2013-05-10 15:44:33

you don't need to DECRYPT the password. 您不需要解密密码。 In order to check if a user submitted the correct password, just RE-ENCRYPT the password given by the user and check if it matches the one stored in your database. 为了检查用户是否提交了正确的密码,只需重新加密用户提供的密码,然后检查它是否与数据库中存储的密码匹配。

Moreoever, a simple hash function will suffice (avoid MD5 and make use of salt to prevent dictionary or rainbow-tables attacks!) 而且,简单的哈希函数就足够了(避免使用MD5,并使用盐来防止字典或彩虹表攻击!)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在mysql中解密密码 - How to decrypt password in mysql 如何在drupal8中解密和加密用户密码 - how to decrypt and encrypt the user password in drupal8 用密钥文件加密,用密码解密 - encrypt with keyfile, decrypt with password Yii加密和解密密码 - Yii encrypt and decrypt password 加密和解密(mysql和php) - encrypt and decrypt (mysql and php) 加密解密VS MySQL - Encrypt Decrypt VS MySQL PHP salt加密/解密密码 - PHP salt encrypt/decrypt password 如何使用libsodium php用salt加密/解密密码 - how to encrypt / decrypt password with salt using libsodium php 如何使用php加密和解密mysql数据库中的数据? - How to encrypt and decrypt data in the mysql database using php? 在 PHP 中加密和解密密码、文件的完美方法? - Perfect way to encrypt & decrypt password, files in PHP?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM