什么是Drupal的默认密码加密方法？ [英] What is Drupal's default password encryption method?

问题描述

我正在设法确定Drupal 6/7在默认情况下使用哪种方式来存储密码。是MD5，AES，SHA？我没有找到任何东西。

I am trying to figure out what is the security that Drupal 6/7 uses by default to store passwords. Is it MD5, AES, SHA? I have been unable to find anything.

推荐答案

Drupal 8和Drupal 7默认使用SHA512。他们通过PHP的哈希功能多次运行哈希，以增加计算成本生成密码的最终哈希（称为拉伸的安全技术）。

Drupal 8 and Drupal 7 use SHA512 by default with a salt. They run the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).

使用Drupal 8，实现是面向对象的。有一个 PasswordInterface 它定义了哈希方法。该接口的默认实现是在 PhpassHashedPassword 类。那个类' hash 方法调用 crypt 方法传递SHA512作为散列算法，密码和生成的盐。类crypt方法与Drupal 7的 _password_crypt几乎相同（）方法。

With Drupal 8, the implementation is object oriented. There is a PasswordInterface which defines a hash method. The default implementation of that interface is in the PhpassHashedPassword class. That class' hash method calls the crypt method passing in SHA512 as the hashing algorithm, a password, and a generated salt. The class' crypt method is nearly the same as Drupal 7's _password_crypt() method.

使用Drupal 7，实现被分为几个全局函数： user_hash_password（）和 _ password_crypt（）。

With Drupal 7, the implementation is split into a couple global functions: user_hash_password() and _password_crypt().

Drupal 6使用MD5，没有盐。相关功能是 user_save（）。

Drupal 6 uses MD5 without a salt. The relevant function is user_save().

这篇关于什么是Drupal的默认密码加密方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！