PASSWORD_DEFAULT和PASSWORD_BCRYPT [英] PASSWORD_DEFAULT vs PASSWORD_BCRYPT

问题描述

PASSWORD_DEFAULT和PASSWORD_BCRYPT有什么区别? 他们都使用Blowfish加密算法吗? 算法的成本是多少? 如何在PHP中设置password_hash会产生255个哈希值而不是60个哈希值?

What is the difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT? Do they both use Blowfish encryption algorithm? What is cost in an algorithm? How to set up password_hash in PHP produce a 255-hash length instead of 60?

推荐答案

当前唯一支持PASSWORD_BCRYPT的算法(使用CRYPT_BLWFISH)，因此PASSWORD_DEFAULT和PASSWORD_BCRYPT之间目前没有区别. PASSWORD_DEFAULT的目的是允许将来包含其他算法，因此PASSWORD_DEFAULT将始终用于应用最受支持的哈希算法.

Currently PASSWORD_BCRYPT is the only algorithm supported (using CRYPT_BLWFISH), therefore there is currently no difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT. The purpose of PASSWORD_DEFAULT is to allow for the inclusion of additional algorithms in the future, whereupon PASSWORD_DEFAULT will always be used to apply the strongest supported hashing algorithm.

成本与所执行算法的迭代次数有关，并且会影响计算速度以及所生成的哈希值.更高的成本需要更长的执行时间，从而降低了蛮力攻击的速度

Cost is related to the number of iterations of the algorithm that are executed, and affects the speed of calculation as well as the hash value generated. Higher costs take longer to execute, slowing brute force attacks

这篇关于PASSWORD_DEFAULT和PASSWORD_BCRYPT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！