什么是创建随机哈希/字符串的最佳方式? [英] What is the best way to create a random hash/string?
问题描述
为了存储会话而生成散列的最佳方式是什么?我正在寻找一个轻量级的,便携式的解决方案。 http://php.net/manual/en/function.sha1.phprel =noreferrer> sha1
和 md5
。选择一个,而不是两个。
有人可能会认为使用 sha1(md5($ pass))
会成为解决方案。使用这两种方法不会使您的密码更安全,但会导致冗余数据,并且没有多大意义。
查看 PHP安全联盟:密码散列 他们给出了一篇优秀的文章,指出存在弱点并通过散列提高了安全性。
Nonce代表 n 个使用一次。它们用于防止未经授权的访问请求,他们发送密钥密钥并在每次使用代码时检查密钥。
您可以请参阅 FullThrottle开发中的PHP NONCE Library
What is the best way of generating a hash for the purpose of storing a session? I am looking for a lightweight, portable solution.
You can use PHP's built-in hashing functions, sha1
and md5
. Choose one, not both.
One may think that using both, sha1(md5($pass))
would be a solution. Using both does not make your password more secure, its causes redundant data and does not make much sense.
Take a look at PHP Security Consortium: Password Hashing they give a good article with weaknesses and improving security with hashing.
Nonce stands for "numbers used once". They are used on requests to prevent unauthorized access, they send a secret key and check the key each time your code is used.
You can check out more at PHP NONCE Library from FullThrottle Development
这篇关于什么是创建随机哈希/字符串的最佳方式?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!