如何加密网站的用户登录密码 [英] How to go about encrypting user login passwords for a website
问题描述
我正在为公司开发一个网站,并且需要登录验证才能使用该公司提供的一些服务。使用常识,我知道在将数据保存到数据库时,我需要加密用户的密码。不是一个问题,我可以简单地实现哈希算法并存储哈希(或者某些东西,我仍然需要拖动StackOverflow来找出最好的方式来保存这些信息,但这不是我所要求的)。
I'm developing a website for a company, and they require login verification in order to use some of the services that this company provides. Using common sense, I know that I need to encrypt the user's password when saving it to a database. Not a problem, I can simply implement a hashing algorithm and store the hash (or something, I still need to troll StackOverflow to figure out the best way to save this information, but that's not what I'm asking).
我好奇的是如何实际执行加密算法。这是服务器上的一个独立程序,将加密密码,然后存储?或者我必须使用PHP模块加密密码?还是我没有想到的东西?
What I'm curious about is how to actually execute the encryption algorithm. Is that a stand-alone program on the server that will encrypt the password and then store it? Or would I have to use a PHP module to encrypt the password? Or is it something else that I'm not thinking of?
任何和所有的答案都是赞赏的,如果我的措辞不好,我指望你打电话给我;)
Any and all answers are appreciated, and if I worded anything poorly, I'm counting on you to call me out on it ;)
推荐答案
PHP内置的哈希方法运行良好。无需打电话给第三方图书馆。
您应该查看 hash()函数。记住在保存哈希时使用强盐。在互联网上应该有很多关于这个的好文章,还有这里。
PHP's built in hashing methods works well. No need to call inn third party libraries. You should take a look at the hash() function. Remember to use a strong salt when saving the hash. There should be plenty of good articles around the internet about this, and also here.
正如drrcknlsn在评论中所指出的那样,md5和sha1会被认为是坏的选择。
As pointed out by drrcknlsn in a comment, md5 and sha1 would bad choices since they are considered broken.
另外,正如Grexis在答案中指出的那样,PBKDF2也是您可以研究的一种方法。
Also, as Grexis points out in his answer, PBKDF2 is also one method the you could look into.
这篇关于如何加密网站的用户登录密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
