什么是Drupal的默认密码加密方法? [英] What is Drupal's default password encryption method?
问题描述
我正在设法确定Drupal 6/7在默认情况下使用哪种方式来存储密码。是MD5,AES,SHA?我没有找到任何东西。
I am trying to figure out what is the security that Drupal 6/7 uses by default to store passwords. Is it MD5, AES, SHA? I have been unable to find anything.
推荐答案
Drupal 8和Drupal 7默认使用SHA512。他们通过PHP的哈希功能多次运行哈希,以增加计算成本生成密码的最终哈希(称为拉伸的安全技术)。
Drupal 8 and Drupal 7 use SHA512 by default with a salt. They run the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).
使用Drupal 8,实现是面向对象的。有一个 PasswordInterface 它定义了哈希方法。该接口的默认实现是在 PhpassHashedPassword 类。那个类' hash 方法调用 crypt 方法传递SHA512作为散列算法,密码和生成的盐。类crypt方法与Drupal 7的 _password_crypt几乎相同()方法。
With Drupal 8, the implementation is object oriented. There is a PasswordInterface which defines a hash method. The default implementation of that interface is in the PhpassHashedPassword class. That class' hash method calls the crypt method passing in SHA512 as the hashing algorithm, a password, and a generated salt. The class' crypt method is nearly the same as Drupal 7's _password_crypt() method.
使用Drupal 7,实现被分为几个全局函数: user_hash_password()和 _ password_crypt()。
With Drupal 7, the implementation is split into a couple global functions: user_hash_password() and _password_crypt().
Drupal 6使用MD5,没有盐。相关功能是 user_save()。
Drupal 6 uses MD5 without a salt. The relevant function is user_save().
这篇关于什么是Drupal的默认密码加密方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!