phpmyadmin-md5()和password()之间的区别
[英]phpmyadmin - difference between md5() and password()
问题描述
I would like to create a login application using PHP and phpmyadmin databases and want the password to be encrypted so 
我想使用PHP和phpmyadmin数据库创建一个登录应用程序,并希望对密码进行加密,以便
is there another type than md5() and password() to encrypt text?
除了md5()和password()以外,还有没有其他类型可以加密文本? what the difference between md5() and password()?
md5()和password()有什么区别? what is the better betweeb md5() and password()?
betweeb md5()和password()更好的是什么?
Thank you, hopefully can be benefit to other 谢谢,希望能对其他人有所帮助
*edit I Prefer 1 way hash method for this one :) *编辑我更喜欢这种方式的一种方式:)
4 个解决方案
解决方案1
1 2014-05-09 11:50:38
Unfortunately it is not possible to store passwords safely with only SQL commands. 不幸的是,仅使用SQL命令不可能安全地存储密码。
To prevent rainbowtable attacks you should add a random salt to the hashing scheme, but this means that you cannot verify the password with SQL alone. 为了防止出现可彩虹的攻击,您应该在哈希方案中添加随机盐,但这意味着您不能仅使用SQL来验证密码。 You would have to read the salt of every row in the user table and calculate the hashes for comparing. 您将必须阅读用户表中每一行的盐,并计算哈希以进行比较。
A safe hash function can be tuned to need a certain amount of time (eg 10ms), BCrypt for example has a cost factor. 可以将安全哈希函数调整为需要一定的时间(例如10ms),例如BCrypt具有成本因素。 If you have to check every row and every calculation needs some time, you will run into problems if your user table grows. 如果必须检查每一行,并且每次计算都需要一些时间,那么如果用户表增长,则会遇到问题。
These are the reasons, why passwords should not be hashed by the database itself, instead do it with your development language. 这些就是为什么密码不应该由数据库本身散列,而是使用您的开发语言来散列的原因。 First you have to find the hash and its salt by the given username, afterwards you can verify the password for this single row. 首先,您必须通过给定的用户名找到哈希及其盐,然后您可以验证此行的密码。 For PHP have a look at the function password_hash() . 对于PHP,请查看函数password_hash() 。
解决方案2
0 2014-05-09 07:10:19
Yes, there are others types. 是的,还有其他类型。
I recommend you to use BCRYPT. 我建议您使用BCRYPT。 It allows you to encrypt passwords in a one way crypt. 它允许您以一种单次加密的方式对密码进行加密。 You won't be able to recover passwords, there's a function which let you know if a given password is the same than a crypted one. 您将无法恢复密码,有一个功能可以让您知道给定的密码是否与加密的密码相同。
Cheers 干杯
解决方案3
0 已采纳 2014-05-09 07:18:26
All the answers you can find in the official documentation . 您可以在官方文档中找到所有答案。 Please always start with that before asking questions. 在提出问题之前,请始终从此开始。
- Yes, see the list in the linked docs, with detailed explanations. 是的,请参阅链接文档中的列表以及详细说明。
- md5() uses MD5 and password() uses MySQL's native hashing, as seen in the docs. md5()使用MD5,而password()使用MySQL的本地哈希,如文档所示。
Depends on what you need it for.
取决于您需要什么。 This question is way too vague, but the docs give a hint: 这个问题太模糊了,但是文档给出了一个提示: The PASSWORD() function is used by the authentication system in MySQL Server;
PASSWORD()函数由MySQL Server中的身份验证系统使用; you should not use it in your own applications. 您不应在自己的应用程序中使用它。 For that purpose, consider MD5() or SHA2() instead. 为此,请考虑使用MD5()或SHA2()。
解决方案4
0 2014-05-09 07:18:56
The PASSWORD() function is used by the authentication system in MySQL Server; PASSWORD()函数由MySQL Server中的身份验证系统使用; you should not use it in your own applications. 您不应在自己的应用程序中使用它。 For that purpose, consider MD5() or SHA2() instead. 为此,请考虑使用MD5()或SHA2()。 Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications. 另请参阅RFC 2195的第2节(挑战-响应身份验证机制(CRAM)),以获取有关在应用程序中安全地处理密码和身份验证的更多信息。
http://www.sitepoint.com/forums/showthread.php?761789-MYSQL-s-password()-function-or-md5() http://www.sitepoint.com/forums/showthread.php?761789-MYSQL-s-password()函数-或-MD5()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.