Which one is better? Using your own encrypting algorithm or using md5/sha1?

Problem description

I want my passwords to be secure in database. Even if someone leaks the passwords I don't want anyone to be able to decrypt them.

Recommended answer

Passwords are hashed, not encrypted. There is a big difference. You must understand that encrypted strings can be retrieved by decrypting them. This is not possible when hashing. Hashes are, most of the time, not reversible and passwords are checked by matching the hashes. Hash methods such as MD5 have been cracked and are therefore not safe anymore as the password can be "unhashed".

You should not attempt to make your own hashing algorithm as it will most likely have major security flaws. Current day algorithms have been developed by countless security and cryptography experts and have been analyzed over and over again. There is just a zero percent chance that your backyard algorithm will be more secure than algorithms developed by experts.

Just use the PHP default methods which are password_hash and password_verify. The hashing function generates a random salt by itself which is appended to the hashed password. It is therefore a very safe method and your best bet.
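
The flow recommended in the answer above, as an added example that is not part of the original answer: registration and login with password_hash and password_verify, plus password_needs_rehash to upgrade stored hashes when PHP's default parameters change. The in-memory $users array, the function names register and login, and the sample credentials are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user store (username => stored hash); stands in for a DB table.
$users = [];

function register(array &$users, string $username, string $password): void
{
    // PASSWORD_DEFAULT selects PHP's current default algorithm. The returned
    // string carries the algorithm id, cost and random salt, so store it whole.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, string $username, string $password): bool
{
    // Hash of a throwaway value, verified for unknown users so that a missing
    // account costs about the same time as a wrong password.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $stored = $users[$username] ?? null;
    if (!password_verify($password, $stored ?? $dummy) || $stored === null) {
        return false;
    }

    // Re-hash with the current defaults if the stored hash used older parameters.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'alice', 'correct horse battery staple');

// Hashing the same password again gives a different string (fresh random salt),
// yet both strings verify against the password.
$second = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
var_dump($users['alice'] === $second);
var_dump(password_verify('correct horse battery staple', $second));

var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(login($users, 'alice', 'wrong guess'));
var_dump(login($users, 'mallory', 'anything'));
```

Because the salt and parameters travel inside the hash string, the database needs only one column for it; no separate salt column is required.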
