How to re-hash Laravel passwords?


Problem description

I'm making a forgot-password feature in my web app. The problem is that I store users' passwords using:

Hash::make('_their_password_')

Is there any way to re-hash it back or any recommended approach for this?

Recommended answer

The point of hashing a password is that it's (supposed to be) an irreversible operation. If your database is compromised, the attacker will gain access to the hashes, but not to the passwords. That way the attacker can't log in with the users' passwords on other sites.

Make a "we'll reset your password" feature instead of a "we'll send you your password" feature.

Note that there are also other best practices you absolutely should be following regarding password hashing, to make sure the "supposed to be" above actually holds, and to further minimize the impact if your site is compromised. Laravel's Hash class seems to already be using the password-appropriate hash function Bcrypt. However, make sure you're using a salt when you're hashing your password.
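
The reset flow the answer recommends, as an added example that is not part of the original answer: plain PHP, with password_hash() standing in for Laravel's Hash::make() and a constructed in-memory array in place of the database. The function names, the sample account and the one-hour lifetime are assumptions.

```php
<?php
// Added example: reset-token flow in plain PHP. $store is a constructed
// in-memory stand-in for the users / reset-token tables (an assumption).
$store = ['alice@example.test' => [
    'password' => password_hash('old-secret', PASSWORD_BCRYPT),
    'reset'    => null,
]];

// Step 1: the user asks for a reset. The raw token goes into the e-mailed link;
// only its SHA-256 digest and an expiry are stored, so a leaked table
// does not hand out usable tokens.
function issueResetToken(array &$store, string $email, int $ttl = 3600): ?string
{
    if (!isset($store[$email])) {
        return null; // caller shows the same response for known and unknown addresses
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $store[$email]['reset'] = [
        'digest'  => hash('sha256', $token),
        'expires' => time() + $ttl,
    ];
    return $token;
}

// Step 2: the user follows the link and submits a new password.
function redeemResetToken(array &$store, string $email, string $token, string $newPassword): bool
{
    $reset = $store[$email]['reset'] ?? null;
    if ($reset === null || time() > $reset['expires']) {
        return false; // no pending reset, or it has expired
    }
    if (!hash_equals($reset['digest'], hash('sha256', $token))) {
        return false; // constant-time comparison of the digests
    }
    // password_hash() generates a fresh random salt and embeds it in the hash string.
    $store[$email]['password'] = password_hash($newPassword, PASSWORD_BCRYPT);
    $store[$email]['reset'] = null; // single use
    return true;
}

$token = issueResetToken($store, 'alice@example.test');
var_dump(redeemResetToken($store, 'alice@example.test', $token, 'new-secret'));
var_dump(password_verify('new-secret', $store['alice@example.test']['password']));
var_dump(redeemResetToken($store, 'alice@example.test', $token, 'again')); // replay of a used token
```

The old password is never recovered at any point: the stored bcrypt hash is simply replaced once the token has been verified.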
