
How to use BCRYPT with password_hash() in PHP

Now with password_hash() in PHP >=5.6, do we need to also use BCRYPT to make the object/password more secure?

If yes, then could anyone please describe how to store a password on the registration page using password_hash() AND BCRYPT, and then how to retrieve the information to log the user in on the login page?

Sorry if anyone is offended by a beginner's limited knowledge. I am confused and didn't quite get the answer.

UPDATE:

I got the idea now: there is no need to use BCRYPT/salt/pepper with password_hash() now, as PHP creates its own random salt during runtime. The easiest step is to simply hash the password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB). Thanks everyone.

There is no need to use BCRYPT/salt/pepper with password_hash() now, as PHP creates its own random salt during runtime.

The easiest step is to simply hash the password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB).

The whole idea behind password_hash() is to always use an up-to-date hashing algorithm. Currently, the default algo. used is exactly BCRYPT. It even allows you to pass more options in order to make your password even more secure (for example your own salt or work factor). And what's even better is that PHP also offers the password_needs_rehash() function, which allows you to check later if a given hash was created using the current algo, and if not, you can just rehash the password. Check out the official PHP documentation page for password_hash(): http://php.net/manual/en/function.password-hash.php
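The registration, login and rehash flow discussed in the posts above, as an added example that is not code from the original question or answers. The in-memory `$users` array (standing in for a database table), the function names `registerUser()` and `loginUser()`, the cost of 12 and the sample credentials are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory user store standing in for a database table.
// A bcrypt hash is 60 characters; the PHP manual suggests a 255-character
// column so the default algorithm can change later.
$users = [];

// Assumed work factor for this example.
const HASH_OPTIONS = ['cost' => 12];

function registerUser(array &$users, string $name, string $password): void
{
    // PASSWORD_DEFAULT is currently bcrypt. A random salt is generated and
    // embedded in the returned string, so only this one value is stored.
    // Note: bcrypt only uses the first 72 bytes of the password.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
}

function loginUser(array &$users, string $name, string $entered): bool
{
    $stored = $users[$name] ?? null;
    // password_verify() reads the algorithm, cost and salt from the hash.
    if ($stored === null || !password_verify($entered, $stored)) {
        return false;
    }
    // Upgrade hashes created with an older algorithm or a lower cost
    // while the plaintext is still available.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $users[$name] = password_hash($entered, PASSWORD_DEFAULT, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data.
registerUser($users, 'alice', 'correct horse battery staple');
var_dump(loginUser($users, 'alice', 'correct horse battery staple'));
var_dump(loginUser($users, 'alice', 'wrong password'));

// A legacy hash with a lower cost is replaced on the next successful login.
$users['bob'] = password_hash('hunter2!', PASSWORD_BCRYPT, ['cost' => 10]);
$before = $users['bob'];
loginUser($users, 'bob', 'hunter2!');
var_dump($users['bob'] !== $before);
```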

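Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost them, please cite this site's URL or the address of the original post. For any questions, contact: yoyou2525@163.com.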

 