使用password_hash时生成的哈希值的最大长度? [英] Maximum length of generated hash when using password_hash?

问题描述

我正在使用

password_hash($password, PASSWORD_BCRYPT);

加密密码以存储在数据库中.据我了解，生成的哈希没有长度限制，但是我需要知道最大长度，以便可以使用它来定义数据库中适合所有密码哈希的字段(在最坏的情况下).

to encrypt passwords to store in a database. As I read, there's no length limit on generated hashes, but I need to know the maximum length so I can use it to define the field in my database which can fit all password hashes (in a worst case scenario).

如果我以纯文本形式设置密码限制为20个字符，password_hash()结果将持续多长时间?

If I put a limit of 20 characters for the password in plain text, how long will the password_hash() result will be?

推荐答案

来自 password_hash文档:

当前支持以下算法:

The following algorithms are currently supported:

PASSWORD_DEFAULT-使用bcrypt算法(自PHP 5.5.0起为默认值). 请注意，此常数的目的是随着时间的推移而变化，例如 PHP中添加了更强大的算法.因此， 使用此标识符的结果可能会随时间变化. 因此， 建议将结果存储在可以 扩展到超过60个字符(255个字符是一个不错的选择).

PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

PASSWORD_BCRYPT-使用CRYPT_BLOWFISH算法创建哈希. 这将使用"$ 2y $"产生与标准crypt()兼容的哈希 标识符. 结果将始终为60个字符串，即FALSE 失败.

PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure.

因此，使用PASSWORD_BCRYPT，password_hash的结果将是60个字符串.

Therefore, using PASSWORD_BCRYPT, the result of password_hash will be a 60 character string.

这篇关于使用password_hash时生成的哈希值的最大长度?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！