密码散列 PHP 7 [英] Password Hashing PHP 7

问题描述

我目前正在学习 PHP，我一直在浏览论坛，了解如何最好地在 PHP 中散列密码.

I am currently learning PHP and I have been looking through the forum for current thinking on how best to Hash passwords in PHP.

任何人都可以就目前使用的最佳密码散列方法提供建议.我听说过 PHPass，但 2017 年有更好的选择吗?

Can anyone advise on what is currently the best password hashing method to use. I have been told about PHPass, but are there better alternatives in 2017?

感谢您的建议，

伊恩

推荐答案

你不应该加密密码，你应该只对它们进行哈希处理.加密意味着您可以将密码解密为人类可读的形式.你永远不应该那样做.散列是一种单向方式，一旦散列，密码就无法以人类可读的形式恢复.

You should never encrypt passwords, you should only hash them. Encryption implies that you can decrypt the password into a human readable form. You should never do that. Hashing is a one way street and once hashed a password cannot be recovered in human readable form.

请使用 PHP 的内置函数 password_hash() 和 password_verify()处理密码安全.如果您使用的 PHP 版本低于 5.5，您可以使用 password_hash() 兼容包.确保不要对密码进行转义或使用任何其他在散列之前对它们进行清理机制.这样做会更改密码并导致不必要的额外编码.

Please use PHP's built-in functions password_hash() and password_verify()to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.

这篇关于密码散列 PHP 7的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！