BCrypt of PHP cannot verify the password
I have tested PHP's password_verify, and it does not verify correctly. I am using CentOS and PHP version 5.3.3. I know the 5.3.3 version of PHP does not provide the password_hash function, so I have used https://github.com/ircmaxell/password_compat
However, it always returns true with different passwords when I verify it. Does my code have a bug?
Here is my code:
$password = 'k32AlGOPqvCzoh*Sp(Hdrr26]M=lQb00R&W=hew|-|([(03vp==A8%m?l=eA2^bs_|\qVV3WZ';
$verify_pw = 'k32AlGOPqvCzoh*Sp(Hdrr26]M=lQb00R&W=hew|-|([(03vp==A8%m?l=eA2^bs_|\qVV3WZasdasdasdasdqweqa13123';
$options = array(
'cost' => 15
);
$hash = password_hash($password, PASSWORD_BCRYPT,$options);
var_dump(password_verify($verify_pw ,$hash)); // always true
The problem is not your code. Bcrypt has a string limit of 56 bytes, e.g. 55 chars.
https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html
the key argument is a secret encryption key, which can be a user-chosen password of up to 56 bytes (including a terminating zero byte when the key is an ASCII string).
So your string gets truncated, and that is the reason why your password_verify always returns true, as the truncated strings are identical.
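The truncation described in the answer can be detected, and avoided by reducing the password to a fixed length before it reaches bcrypt. The following is an added example, not code from the original post or from password_compat: the function names are hypothetical, the 72-byte figure is the truncation length PHP's documentation gives for PASSWORD_BCRYPT, and password_hash()/password_verify() are assumed to be available (PHP 5.5+ or password_compat already loaded).

```php
<?php
// Added example: the helper names are hypothetical, not part of PHP or password_compat.
// Assumes password_hash()/password_verify() exist (PHP >= 5.5, or password_compat loaded).

define('BCRYPT_MAX_BYTES', 72); // truncation length documented for PASSWORD_BCRYPT

// True when bcrypt would ignore part of the input (strlen() counts bytes, not characters).
function bcrypt_would_truncate($password)
{
    return strlen($password) > BCRYPT_MAX_BYTES;
}

// Map a password of any length to 44 bytes: base64 of the raw SHA-256 digest.
// Base64 keeps NUL bytes out of the bcrypt input, where they would end the key early.
function bcrypt_input($password)
{
    return base64_encode(hash('sha256', $password, true));
}

function hash_long_password($password, $cost)
{
    return password_hash(bcrypt_input($password), PASSWORD_BCRYPT, array('cost' => $cost));
}

function verify_long_password($password, $hash)
{
    return password_verify(bcrypt_input($password), $hash);
}

// The two strings from the question: the second is the first plus a suffix.
$password  = 'k32AlGOPqvCzoh*Sp(Hdrr26]M=lQb00R&W=hew|-|([(03vp==A8%m?l=eA2^bs_|\qVV3WZ';
$verify_pw = $password . 'asdasdasdasdqweqa13123';

$cost = 10; // lower than the question's 15 only to keep the demonstration quick

// Diagnosis: the input exceeds the limit and both strings share the bytes bcrypt reads.
var_dump(bcrypt_would_truncate($password));
var_dump(substr($password, 0, BCRYPT_MAX_BYTES) === substr($verify_pw, 0, BCRYPT_MAX_BYTES));

// Plain bcrypt: the suffix lies beyond the truncation point, so the check passes.
$plain = password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
var_dump(password_verify($verify_pw, $plain));

// Pre-hashed bcrypt: every byte of the input affects the digest, so the suffix is rejected.
$safe = hash_long_password($password, $cost);
var_dump(verify_long_password($verify_pw, $safe));
var_dump(verify_long_password($password, $safe));
```

Hashes created through the wrapper must also be verified through it, since a plain password_verify() call on the original password will not match them.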