Best PHP hashing method for storing user passwords in a MySQL table?

Question

I've been reading Stack Overflow questions for about 15 minutes now and every single one seems to contradict the previous one I read. Bcrypt, SHA1, MD5, and so on. I currently MD5 my passwords, but I want to make my database more secure in case of a breach.

I know this has been asked a million times, but I can't seem to find a decent answer anywhere else.

Thanks.

Recommended answer

The reason you see contradictory answers is because there is no right one. You should use the most secure method that your application can support. More secure = more overhead.

MD5 has been both broken and cracked.

According to this article, SHA1 is broken. However it has not yet been cracked.

bcrypt has not (to the best of my knowledge) been found to be broken.

Given enough CPU cycles, any hashing or encryption algorithm can eventually be circumvented. Your decision should balance the security of your data with the performance of your application.

Given those caveats, bcrypt is the de facto standard at this time. It is designed for strength, not speed, and is not known to be broken. For an index of information about bcrypt, see the bcrypt article on Wikipedia.
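An added example, not part of the original answer: one way to move a table of existing MD5 hashes to bcrypt with PHP's built-in `password_hash()`, `password_verify()` and `password_needs_rehash()`, upgrading each row the next time its user logs in. The function names `hash_password` and `verify_and_upgrade`, the cost of 12, and the `$users` array standing in for the MySQL table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed cost value; raise it as hardware allows.
const BCRYPT_OPTIONS = ['cost' => 12];

/** Hash a new password. Store the result in a VARCHAR(255) column. */
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

/**
 * Verify a login against a stored value that is either legacy MD5 or bcrypt.
 * Returns [bool $ok, ?string $newHash]; persist $newHash when it is not null.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy row: 32 hex characters from md5(). Compare in constant time.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? hash_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the configured cost has been raised since this hash was made.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? hash_password($password) : null;
    return [true, $new];
}

// Constructed sample rows standing in for a MySQL users table.
$users = [
    'alice' => md5('correct horse'),          // legacy MD5 row
    'bob'   => hash_password('hunter2 long'), // already bcrypt
];

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 'hunter2 long']];
foreach ($attempts as [$name, $pw]) {
    [$ok, $newHash] = verify_and_upgrade($pw, $users[$name]);
    if ($newHash !== null) {
        $users[$name] = $newHash; // in production: a parameterized UPDATE on the users table
    }
    printf("%s: %s, stored scheme now %s\n", $name, $ok ? 'ok' : 'denied',
        password_get_info($users[$name])['algoName']);
}
```

Rows whose owners never log in again keep their MD5 value under this scheme, so they need a separate forced reset or expiry.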
