堆栈内存溢出
  简体   繁体   English

我可以md5(sha1(password))吗?

[英]Can I md5(sha1(password))?

 原文  2012-02-04 18:06:30       php/ md5/ sha1

问题描述

I'm currently coding my own CMS and I'm at the state of password... 我目前正在编写自己的CMS,并且处于密码状态...

I want to know if I can md5 a password then sha1 it after? 我想知道是否可以md5密码,然后再sha1吗?

Like: 喜欢: 

$password = md5(sha1(mysql_real_escape_string($_POST['passw'])));

5 个解决方案

解决方案1
 6 已采纳  2012-02-04 18:08:50

You can md5 any data you'd like, even if it was hashed before. 您可以md5您想要的任何数据,即使之前已对其进行了哈希处理。

It will, however, only increase the risk of collisions because you're now working on a smaller dataset. 但是,这只会增加发生碰撞的风险,因为您现在正在处理较小的数据集。

What are you trying to achieve? 您想达到什么目的?

解决方案2
 4  2012-02-04 18:12:42

Yes you can. 是的你可以。 No it doesn't make sense. 不,这没有道理。

The security of chained hash functions is allways equal to or less than the security of the weakest algorithm. 链式哈希函数的安全性始终等于或小于最弱算法的安全性。

ie md5(sha1($something)) is not more secure, than sha1($something): If you manage to break the sha1, you get the md5 for free, as shat($something) and sha1($faked_something) have the same value, and thus md5ing them will not change anything. 即md5(sha1($ something))并不比sha1($ something)更安全:如果设法破坏sha1,则可以免费获得md5,因为shat($ something)和sha1($ faked_something)具有相同的值,因此对它们进行md5更改不会有任何改变。

解决方案3
 2  2012-02-05 11:47:30

Make sure you add a salt in there too, this makes it much harder to use rainbow tables against your customer's/user's passwords. 确保在其中也添加了盐,这使得使用彩虹表代替客户/用户的密码更加困难。

Something like: 就像是:

$hashedPassword = sha1(md5($password) . $salt . sha1($salt . $password)); $ hashedPassword = sha1(md5($ password)。$ salt。sha1($ salt。$ password));

Where salt can be a nice long random string itself, either constant across your application or a salt per contact which is stored with the user too. 盐本身可以是一个很好的长随机字符串,在整个应用程序中可以是恒定的,也可以是与用户一起存储的每次联系中的盐。

解决方案4
 1  2012-02-04 18:09:50

You obviously can. 你显然可以。 I don't see why you couldn't. 我不明白为什么你不能。

If you want better security you should consider something like phpass . 如果您想要更好的安全性,则应考虑使用phpass之类的东西

解决方案5
 1  2012-02-04 18:19:24

You can do this, but there's no real benefit to it. 您可以这样做,但是并没有真正的好处。 If you're running your passwords through md5() , you'll get a bit more security from adding a cryptographic salt. 如果您通过md5()运行密码,则通过添加加密盐将获得更高的安全性。

What is SALT and how do I use it? 什么是SALT,我该如何使用? has more info on that. 有更多的信息。

The other bit of advice you may hear a lot is to not use MD5 . 您可能会听到很多其他建议是不要使用MD5 SHA1 is comparatively stronger, and you only need to change your password field in your database to accept a 40 character string. SHA1相对更强大,您只需要更改数据库中的密码字段即可接受40个字符串。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 密码哈希,BCrypt到SHA1 / MD5 - Password Hashing, BCrypt to SHA1/MD5 可以打破sha1(md5('密码'))密码? - It`s possible to break a sha1(md5('password')) password? PHP.net说md5()和sha1()不适合密码? - PHP.net says that md5() and sha1() unsuitable for password? 我如何在Java中找到php md5(sha1(“ test”)) - how can i find php md5(sha1(“test”)) in java 我可以使用MD5(String)+ SHA1(String)作为唯一标识吗? (仅ASCII) - Can i use MD5(String)+SHA1(String) for uniqueid? (ASCII Only) 使用MD5和SHA1进行多次散列 - Multiple times hashing with MD5 and SHA1 通过md5和sha1生成兰德哈希 - Generate rand hash by md5 and sha1 从md5更改为sha1,盐分 - changing from md5 to sha1,salting 帮助使用PHP中的SHA1或MD5 - Help with SHA1 or MD5 in PHP 使用sha1(md5($ password))是否安全,有什么区别吗? - Is it safe to use sha1(md5($password)) and does it make any difference?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM