MySQL Row存储加密的密码
[英]MySQL Row to store encrypted passwords
问题描述
I have found a nice basic cipher class which I am now using to convert all plain-text passwords in my MySQL Database. 
我发现了一个很好的基本密码类,现在我可以使用该类来转换MySQL数据库中的所有纯文本密码。 Currently the rows containing passwords are varchar(64) but I believe they should be converted to char(128). 当前,包含密码的行是varchar(64),但我认为应该将其转换为char(128)。 Can anyone confirm that 128 length will be long enough for the encrypted hash returned by this class? 谁能确认128长度足以满足此类返回的加密哈希的要求?
I see it hashes the key with sha256 but uses MCRYPT_RIJNDAEL_128 so I am not sure if I need to make the length char(128) or char(256) 我看到它用sha256散列密钥,但是使用MCRYPT_RIJNDAEL_128,所以我不确定是否需要将长度设为char(128)或char(256)
<?php
class Cipher
{
private $securekey;
private $iv_size;
function __construct($textkey)
{
$this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$this->securekey = hash('sha256', $textkey, TRUE);
}
function encrypt($input)
{
$iv = mcrypt_create_iv($this->iv_size);
return base64_encode($iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->securekey, $input, MCRYPT_MODE_CBC, $iv));
}
function decrypt($input)
{
$input = base64_decode($input);
$iv = substr($input, 0, $this->iv_size);
$cipher = substr($input, $this->iv_size);
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->securekey, $cipher, MCRYPT_MODE_CBC, $iv));
}
}
?>
3 个解决方案
解决方案1
0 已采纳 2014-05-06 17:17:34
Can anyone confirm that 128 length will be long enough for the encrypted hash returned by this class?
Maybe? 也许? Run some tests. 运行一些测试。 Look at the documentation. 查看文档。
Currently the rows containing passwords are varchar(64) but I believe they should be converted to char(128).
Keep them as VARCHAR , change the length to 255. VARCHARS are stored in the backend as the string, plus one or two bytes to denote the length. 将其保留为VARCHAR ,将长度更改为VARCHARS作为字符串存储在后端,外加一个或两个字节表示长度。 One byte for 1 to 255, two bytes for 256-65535. 1字节表示1到255,两个字节表示256-65535。
eg: 例如:
A VARCHAR(255) containing the word "butts" comprises 6 bytes of storage in the back end. 包含单词“ butts”的VARCHAR(255)在后端包含6个字节的存储空间。
A CHAR(128) containing the word "butts" comprises 128 bytes of storage in the back end. 包含单词“ butts”的CHAR(128)在后端包含128个字节的存储空间。
解决方案2
0 2014-05-06 17:21:40
As far as I can tell AES-256 and RIJNDAEL-128 are 256 bit long, so you probably are safe with char(32). 据我所知, AES-256和RIJNDAEL-128长256位,因此使用char(32)可能很安全。 (check Lessons learned implementing AES in PHP using Mcrypt ) (检查从使用Mcrypt在PHP中实现AES的经验教训 )
Anyway you can always use VARCHAR(256) if you are not sure. 无论如何,如果不确定,您始终可以使用VARCHAR(256)。 It's dynamic allocation will keep you safe and the CHAR vs. VARCHAR performance won't affect you that much. 它的动态分配将确保您的安全,并且CHAR与VARCHAR的性能不会对您造成太大影响。
解决方案3
0 2014-05-06 17:21:47
You don't need to encrypt a hashed password.
您不需要加密哈希密码。 Hashing is not reversible, so it's secure. 哈希不可逆,因此很安全。 You should add a salt to the password before hashing it.
您应在对密码进行哈希处理之前为其添加盐。 Or else use bcrypt, which automatically salts. 否则,请使用bcrypt,它会自动添加盐分。 The length of a SHA256 hash is always 256 bits, which can be stored in 64 characters or 32 binary bytes.
SHA256哈希的长度始终为256位,可以存储为64个字符或32个二进制字节。 See my answer to MySQL: what data type to use for hashed password field and what length? 请参阅我对MySQL的回答:用于哈希密码字段的数据类型和长度是多少? Others have advised using VARCHAR(255) because that only stores the characters you need for a given string.
其他人建议使用VARCHAR(255),因为它只存储给定字符串所需的字符。 This is true for storage in data rows and indexes, but when such strings are copied out of the MySQL storage engine and brought into MySQL's SQL result set, they are temporarily padded out to the full string length. 对于存储在数据行和索引中的情况确实如此,但是当将这些字符串从MySQL存储引擎中复制并带入MySQL的SQL结果集时,它们会临时填充为完整的字符串长度。 So it's wasteful to use VARCHAR(255) as a de facto string column. 因此,将VARCHAR(255)用作事实上的字符串列很浪费。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.