Zend\Crypt\Password\BCrypt verify method
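Question
I am using Zend\Crypt\Password\Bcrypt to store encrypted passwords in the database. But now that I have looked closer, I don't seem to understand the verify method of this class: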
/**
 * Verify if a password is correct against a hash value
 *
 * @param string $password
 * @param string $hash
 * @throws Exception\RuntimeException when the hash is unable to be processed
 * @return bool
 */
public function verify($password, $hash)
{
    $result = crypt($password, $hash);
    return Utils::compareStrings($hash, $result);
}
According to the comment, the function will "Verify if a password is correct against a hash value".
But when I check the PHP crypt function, the second argument it takes is an optional $salt and not a $hash string to verify.
How I am reading this: it first uses the passed $hash as salt to encrypt the $password that we want to check and then it compares the same $hash it used as salt with the encrypted $result!?
So what am I missing here? Either the php-doc is not correct or I am not understanding what is happening or I missed something in the documents.
Recommended answer
A bcrypt hash has a well-documented structure, for example this hash:
$2y$10$aPk2mEEIkGonq6/JGr0OKOhYOdgomu61ARBjDLgb0UmHM4L8f7Hxe
The string $2y$ is the prefix, 10 is the cost, aPk2mEEIkGonq6/JGr0OKO is the salt (128-bit, base64 encoded 22 characters) and hYOdgomu61ARBjDLgb0UmHM4L8f7Hxe is the resulting hash.
The crypt function recognizes this format and uses the appropriate part of it as the salt, so there is no problem with passing the whole hash as the second parameter.
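The behaviour described in the answer, as an added PHP example (not part of the original answer and not Zend's own code): it splits the quoted hash into its fields and shows that crypt() called with a full hash as its second argument reproduces that hash only for the matching password. The helper names parseBcrypt and verifyWithCrypt and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration; helper names and the sample password are constructed.

/** Split a bcrypt string into prefix, cost, salt and digest, or return null. */
function parseBcrypt(string $hash): ?array
{
    $re = '#^(\$2[abxy]\$)(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#D';
    if (!preg_match($re, $hash, $m)) {
        return null;
    }
    return ['prefix' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

/** Same idea as the verify() method in the question, with explicit failure handling. */
function verifyWithCrypt(string $password, string $hash): bool
{
    // Refuse anything that is not a well-formed bcrypt string, so crypt()
    // can never fall back to a different scheme chosen by the stored value.
    if (parseBcrypt($hash) === null) {
        return false;
    }
    // crypt() reads prefix, cost and salt from $hash and ignores the digest part.
    $result = crypt($password, $hash);
    // On failure crypt() returns a short marker such as "*0", which cannot
    // equal a 60-character hash. hash_equals() compares in constant time,
    // standing in here for Utils::compareStrings().
    return hash_equals($hash, $result);
}

// The hash quoted in the answer, split into the fields it describes.
print_r(parseBcrypt('$2y$10$aPk2mEEIkGonq6/JGr0OKOhYOdgomu61ARBjDLgb0UmHM4L8f7Hxe'));

// A fresh hash for a constructed password (the password behind the quoted hash is unknown).
$stored = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);

// The first 29 characters (prefix, cost, salt) come back unchanged for any password;
// only the 31-character digest depends on the password.
$wrong = crypt('wrong guess', $stored);
var_dump(substr($wrong, 0, 29) === substr($stored, 0, 29));

var_dump(verifyWithCrypt('correct horse', $stored));
var_dump(verifyWithCrypt('wrong guess', $stored));
var_dump(verifyWithCrypt('correct horse', 'not-a-bcrypt-hash'));
```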