
BCrypt of PHP cannot verify the password

I have tested the password_verify of PHP that does not verify correctly. I am using CentOS and PHP version 5.3.3. I know the 5.3.3 version of PHP does not provide the password_hash function, so I have used https://github.com/ircmaxell/password_compat

However, it always returns true with different passwords when I verify it. Does my code have a bug?

Here is my code:

    $password = 'k32AlGOPqvCzoh*Sp(Hdrr26]M=lQb00R&W=hew|-|([(03vp==A8%m?l=eA2^bs_|\qVV3WZ';

    $verify_pw = 'k32AlGOPqvCzoh*Sp(Hdrr26]M=lQb00R&W=hew|-|([(03vp==A8%m?l=eA2^bs_|\qVV3WZasdasdasdasdqweqa13123';

    $options = array(
                'cost' => 15
            );

    $hash = password_hash($password, PASSWORD_BCRYPT,$options);

    var_dump(password_verify($verify_pw ,$hash)); // always true

The problem is not your code. Bcrypt has a string limit of 56 bytes, e.g. 55 chars.

https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html

the key argument is a secret encryption key, which can be a user-chosen password of up to 56 bytes (including a terminating zero byte when the key is an ASCII string).

So your string gets truncated, which is the reason why your password_verify always returns true, as the truncated strings are identical.
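An added example, not part of the original question or answer: it shows the truncation collision and two ways to guard against it, rejecting over-long input or pre-hashing with SHA-256 before bcrypt. The 72-byte constant is the truncation length the PHP manual documents for PASSWORD_BCRYPT; the function names and sample passwords are hypothetical.

```php
<?php
// Added example, not from the original post. Needs password_hash():
// PHP 5.5+, or the password_compat library mentioned in the question.

// PHP's bcrypt uses only the first 72 bytes of the password (per the PHP manual).
define('BCRYPT_MAX_BYTES', 72);

// True when two different passwords are identical after truncation.
function collides_under_bcrypt($a, $b)
{
    return $a !== $b
        && substr($a, 0, BCRYPT_MAX_BYTES) === substr($b, 0, BCRYPT_MAX_BYTES);
}

// Guard 1 (hypothetical helper): refuse input that bcrypt would truncate.
function hash_password_strict($password, $cost = 12)
{
    if (strlen($password) > BCRYPT_MAX_BYTES) { // strlen() counts bytes
        throw new InvalidArgumentException('Password is longer than 72 bytes');
    }
    return password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
}

// Guard 2 (hypothetical helpers): compress any length to 44 base64 characters
// first, so every byte of the password influences the bcrypt input.
function prehash($password)
{
    return base64_encode(hash('sha256', $password, true));
}

function hash_password_long($password, $cost = 12)
{
    return password_hash(prehash($password), PASSWORD_BCRYPT, array('cost' => $cost));
}

function verify_password_long($password, $hash)
{
    return password_verify(prehash($password), $hash);
}

// Constructed sample input: two passwords that differ only after byte 72.
$stored  = str_repeat('x', 72) . 'tail-1';
$attempt = str_repeat('x', 72) . 'tail-2';

var_dump(collides_under_bcrypt($stored, $attempt));
// Plain bcrypt sees the same 72 bytes for both strings.
var_dump(password_verify($attempt, password_hash($stored, PASSWORD_BCRYPT, array('cost' => 10))));
// With the pre-hash wrapper the differing tails reach the hash.
var_dump(verify_password_long($attempt, hash_password_long($stored, 10)));
```

Hashes created through the pre-hash wrapper must always be verified through the same wrapper, since plain password_verify on the raw password will not match them.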
