为password_hash()设置一个盐
[英]Setting a salt for password_hash()
问题描述
I'm creating a mass user import script in PHP for owncloud . 
我正在用PHP为owncloud创建大量用户导入脚本。 I read the users from a CSV file, then I'll add them to the owncloud database . 我从CSV文件读取用户,然后将其添加到owncloud database 。 I'm having an issue with the passwords though. 我的密码有问题。 To my knowledge, owncloud uses password_hash() with BCRYPT . 据我所知,owncloud使用password_hash()与BCRYPT 。 I have the passwordsalt , but I'm not sure how to use that salt with password_hash() . 我有passwordsalt ,但是我不确定如何在password_hash()使用该盐。
Any help there guys? 有什么帮助吗?
2 个解决方案
解决方案1
1 已采纳 2016-01-07 18:48:58
Use salt in the option array like this 像这样在选项数组中使用盐
password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "thisisyoursalt"));
But using your own salt is not a good idea. 但是,使用自己的盐并不是一个好主意。 Let password_hash() create a salt for your password. 让password_hash()为您的密码创建一个盐。 password_hash() will create different salt for every password. password_hash()将为每个密码创建不同的盐。 It will increase your password security strength. 它将增加您的密码安全强度。
解决方案2
0 2016-01-13 15:11:15
If the hashes are produced by password_hash() or crypt() , then the salt is included in the resulting hash value. 如果哈希值是由password_hash()或crypt() ,则盐值将包含在所得哈希值中。 To check a password against this hash, you can use the function password_verify() , this function extracts the salt and other parameters automatically. 要针对此哈希检查密码,可以使用函数password_verify() ,该函数自动提取salt和其他参数。
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.