Zend\Crypt\Password\BCrypt verify method

Question

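I am using Zend\Crypt\Password\Bcrypt to store encrypted passwords in the database. But now that I have looked more closely, I don't seem to understand the verify method of this class: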

/**
 * Verify if a password is correct against a hash value
 *
 * @param  string $password
 * @param  string $hash
 * @throws Exception\RuntimeException when the hash is unable to be processed
 * @return bool
 */
public function verify($password, $hash)
{
    $result = crypt($password, $hash);
    return Utils::compareStrings($hash, $result);
}

According to the comment, the function will "Verify if a password is correct against a hash value".

But when I check the PHP crypt function, it calls the second argument an optional $salt and not a $hash string to verify.

How I am reading this: it first uses the passed $hash as salt to encrypt the $password that we want to check, and then it compares the same $hash it used as salt with the encrypted $result!?

So what am I missing here? Either the php-doc is not correct, or I am not understanding what is happening, or I missed something in the documents.

Recommended answer

A bcrypt hash has a well-documented structure, for example this hash:

$2y$10$aPk2mEEIkGonq6/JGr0OKOhYOdgomu61ARBjDLgb0UmHM4L8f7Hxe

The string $2y$ is the prefix, 10 is the cost, aPk2mEEIkGonq6/JGr0OKO is the salt (128-bit, base64 encoded as 22 characters) and hYOdgomu61ARBjDLgb0UmHM4L8f7Hxe is the resulting hash.

The crypt function recognizes this format and uses the appropriate part of it as the salt, so there is no problem passing the whole hash as the second parameter.
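
The behaviour the answer describes, as an added PHP example (not part of the original post and not Zend's code): it splits the hash quoted in the answer into its fields and checks, on a freshly generated hash, that crypt() given only the first 29 characters returns the same string as the stored hash. The function names parseBcrypt and verifyBcrypt and the sample password are constructed for illustration.

```php
<?php
// Added example, not Zend code. parseBcrypt/verifyBcrypt are hypothetical names.

function parseBcrypt(string $hash): array
{
    // Layout: prefix, 2-digit cost, '$', 22-char salt, 31-char digest (60 chars total).
    // \z instead of $ so a trailing newline is not silently accepted.
    $re = '#^(\$2[abxy]\$)(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z#';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['prefix' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

function verifyBcrypt(string $password, string $hash): bool
{
    parseBcrypt($hash);                  // reject malformed input before calling crypt()
    $result = crypt($password, $hash);   // crypt() takes prefix, cost and salt from $hash
    return hash_equals($hash, $result);  // constant-time comparison
}

// The hash quoted in the answer, split into its fields.
print_r(parseBcrypt('$2y$10$aPk2mEEIkGonq6/JGr0OKOhYOdgomu61ARBjDLgb0UmHM4L8f7Hxe'));

// Constructed sample: a fresh hash for a known password.
$password = 'correct horse battery staple';
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$setting = substr($hash, 0, 29);  // prefix + cost + '$' + salt, digest dropped

printf("setting alone reproduces the hash: %s\n",
    var_export(crypt($password, $setting) === $hash, true));
printf("right password verifies: %s\n", var_export(verifyBcrypt($password, $hash), true));
printf("wrong password verifies: %s\n", var_export(verifyBcrypt('wrong', $hash), true));
```

The stored hash therefore carries everything needed to recompute itself except the password, which is why no separate salt column is required.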
