Use authentication against encrypted password
I have the password encrypted in the database by Zend 2's BlockCipher:
    public function cipher($incKey, $password) {
        // AES through the mcrypt adapter of Zend\Crypt\BlockCipher
        $cipher = BlockCipher::factory('mcrypt', array(
            'algorithm' => 'aes'
        ));
        $cipher->setKey($incKey);
        $text = $password;
        $encrypted = $cipher->encrypt($text);
        echo "Encrypted text: $encrypted \n";
        return $encrypted;
    }
Now I need to authenticate the user's password when logging in:
    $cipher = new Cipher();
    // Re-encrypt the submitted password and compare it with the stored column
    $ciphered_password = $cipher->cipher($incKey, $data['usr_password']);
    $authAdapter = new AuthAdapter($dbAdapter,
        'users',
        'email',
        'password',
        "CONCAT('$ciphered_password') AND state= 1"
    );
But it doesn't pass the authentication, with code: FAILURE_CREDENTIAL_INVALID
Am I doing something wrong here?
Any help would be appreciated.

The encryption mode BlockCipher::factory uses is not deterministic. It uses CBC, which is initialized with a random IV, and thus every ciphertext (encrypted plaintext) looks different and pseudorandom. You should use password hashing instead. This page seems to be the appropriate resource for it in Zend. Over at security.se you can find some background knowledge on password storage.
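
The point made in the answer, as an added example that is not part of the original posts: CBC with a fresh random IV never reproduces the stored ciphertext, while a password hash is fetched by e-mail and checked in PHP instead of being compared inside the SQL query. It uses PHP's built-in `password_hash`/`password_verify` and the openssl extension rather than Zend's classes; the `$users` array, the key, the `authenticate` helper and all sample values are constructed for illustration.

```php
<?php
// Added example; every value below is constructed.

// Part 1: AES-CBC with a random IV, the mode the answer describes.
function encryptCbc(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct); // the IV travels with the ciphertext
}

$key     = random_bytes(32);                 // constructed 256-bit key
$stored  = encryptCbc('s3cret-pw', $key);    // written at registration
$atLogin = encryptCbc('s3cret-pw', $key);    // recomputed at login
// Each call draws its own IV, so an equality test between the two cannot
// succeed even though the password and the key are identical.
var_dump(hash_equals($stored, $atLogin));

// Part 2: password hashing. The salt and cost are embedded in the hash,
// so verification needs only the stored string and the submitted password.
$users = [ // stands in for the users table
    'alice@example.test' => [
        'password' => password_hash('s3cret-pw', PASSWORD_DEFAULT),
        'state'    => 1,
    ],
];

// Hash of a throwaway value, verified when the account is unknown or
// inactive so both paths perform the same amount of hashing work.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

function authenticate(array $users, string $dummy, string $email, string $password): bool
{
    $row    = $users[$email] ?? null;        // look the row up by e-mail only
    $active = $row !== null && $row['state'] === 1;
    $ok     = password_verify($password, $active ? $row['password'] : $dummy);
    return $active && $ok;
}

var_dump(authenticate($users, $dummyHash, 'alice@example.test', 's3cret-pw'));
var_dump(authenticate($users, $dummyHash, 'alice@example.test', 'wrong-pw'));
var_dump(authenticate($users, $dummyHash, 'nobody@example.test', 's3cret-pw'));
```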