(PHP 5< 5.5.0)的password_hash()的替代选择是什么? [英] what is an alternative to password_hash() for (PHP 5 < 5.5.0)?
问题描述
(PHP 5> = 5.5.0)
寻找另一种方法后,我从这里找到了这个简单的函数: http://www.sitepoint.com/password-hashing-in-php/
$ b $ pre $
函数generateHash($ password){
if(defined(CRYPT_BLOWFISH)&& CRYPT_BLOWFISH){
$盐='$ 2y $ 11 $'。 substr(md5(uniqid(rand(),true)),0,22);
返回crypt($ password,$ salt);
$ b我可以通过使用<$ c $来管理我的代码c> function_exists
在使用之前,但我的问题是关于上面的替代代码,如果它的安全或不是,或者在旧版本的PHP中有任何替代方案? 对于PHP版本< 5.3.7,我推荐:
http://www.openwall .com / phpass /
对于PHP版本> = 5.3.7,请使用:
https://github.com/ircmaxell/password_compat
生成您的自己的盐需要很多的知识,因为一个好的,适当的盐需要很多的熵。在PHP中生成这种盐很麻烦,这就是为什么你通常最终依赖于其他资源为你提供这个字符串,比如 / dev / urandom
或者 openssl_random_pseudo_bytes
。相信我,如果没有认真的研究和考虑,这不是你想要尝试自己的事情。 使用新的密码_ *
建议使用API,但如果您需要支持PHPass的早期版本(PHPass),那么它可能会有问题。讨厌每月使用PHP 5.2的$ 1托管计划
According to manual: password_hash this function can be used for (PHP 5 >= 5.5.0)
After searching for an alternative way I found this simple function from here: http://www.sitepoint.com/password-hashing-in-php/
function generateHash($password) {
if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
$salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
return crypt($password, $salt);
}
}
I can manage my code by using function_exists
before using, but My question is about above alternative code if its secure or not, or is there any alternative in older versions of PHP?
For PHP versions < 5.3.7, I'd recommend:
http://www.openwall.com/phpass/
For PHP versions >= 5.3.7, use:
https://github.com/ircmaxell/password_compat
Generating your own salts takes a lot of know how, because a good, proper salt requires a lot of entropy. Generating this salt in PHP is troublesome, which is why you usually end up depending on other resources to provide this string for you, such as /dev/urandom
or openssl_random_pseudo_bytes
. Believe me, this isn't something you want to try yourself without serious research and consideration.
Using the new password_*
API is recommended, but it can be problematic if you need to support older versions of PHP, which is where PHPass comes in. Gotta hate those $1 per month hosting plans with PHP 5.2
这篇关于(PHP 5< 5.5.0)的password_hash()的替代选择是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!