如果我增加了bcrypt的费用，是否必须重新哈希已注册的用户密码? [英] If I increase the bcrypt cost do I have to rehash the users password already registered?

问题描述

我正在研究Symfony2，并运行了我自己的用户提供程序. ATM我使用brypt的费用为12.如果现在增加费用，bcrypt应该再次重新加密密码！但是如何将新密码保留到数据库中?

I'm just digging into Symfony2 and just got my own user-provider running. ATM I use brypt with a cost of 12. If I now increase the cost, bcrypt should rehash the password again!?! But how can I persist the new password to database?

推荐答案

您可以随时更改费用，因为您可以在

You can change the cost in any moment because as you can read in the official symfony2 docs you don't need to rehash the old passwords because they are automatically handled with the old cost (and if you want you can force the users in the future to change their password like happens in many large sites).

这篇关于如果我增加了bcrypt的费用，是否必须重新哈希已注册的用户密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！