What way is the best way to hash a password?
Problem description
I'm working on a website that should be very safe for the users, so I need to hash the passwords. Usually I'm using MD5, but I read that it isn't safe anymore. So I tried PHPass, but then I read that it also has been cracked. So I tried password_hash() of PHP 5.5, but I use HostGator, and the PHP there is 5.4. Also I want to be able to add salt without knowing it (like time() * userid()), like in password_hash().
The hash strength is very important to me because I want to be 100% sure that my users are safe. So is there a way that is very safe and not something like SHA that will be hacked soon?
Use this library which provides forward compatibility with the password_* functions.
Example usage:
require_once("password.php"); // imports the library, assuming it's in the same directory as the current script
$password = "HelloStackOverflow"; // example password
$hash = password_hash($password, PASSWORD_BCRYPT); // here's the hash of the previous password
$hash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 10)); // you can set the "complexity" of the hashing algorithm, it uses more CPU power but it'll be harder to crack, even though the default is already good enough
if (password_verify($password, $hash)) { // checking if a password is valid
    /* Valid */
} else {
    /* Invalid */
}
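An added example, not part of the original answer: one way to move accounts from the unsalted MD5 the question mentions to bcrypt at login time, and to raise the cost of older bcrypt hashes. It goes beyond the answer's snippet; the function name, the $store array and the sample passwords are assumptions made for illustration, and it assumes PHP 5.6 or later.

```php
<?php
// Added example. Assumes PHP 5.6+ (native password_* and hash_equals()).
// login_and_upgrade() and $store are hypothetical names; $store stands in
// for a users table mapping user name => stored hash.
define('TARGET_COST', 10); // same cost as in the answer above

function login_and_upgrade(array &$store, $user, $password)
{
    if (!isset($store[$user])) {
        return false;
    }
    $stored  = $store[$user];
    $options = array('cost' => TARGET_COST);

    // Legacy row: 32 hex characters of unsalted MD5.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // password_hash() draws a random salt and embeds it in the
        // returned string, so no separate salt column is needed.
        $store[$user] = password_hash($password, PASSWORD_BCRYPT, $options);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash while the plaintext is available if the cost is outdated.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        $store[$user] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

// Constructed sample data: one legacy MD5 row, one low-cost bcrypt row.
$store = array(
    'alice' => md5('HelloStackOverflow'),
    'bob'   => password_hash('example-passphrase', PASSWORD_BCRYPT, array('cost' => 4)),
);
$attempts = array(array('alice', 'wrong'), array('alice', 'HelloStackOverflow'),
                  array('bob', 'example-passphrase'));
foreach ($attempts as $try) {
    list($user, $pw) = $try;
    $ok   = login_and_upgrade($store, $user, $pw);
    $info = password_get_info($store[$user]);
    printf("%s login=%s algo=%s prefix=%s\n", $user, $ok ? 'ok' : 'fail',
           $info['algoName'], substr($store[$user], 0, 7));
}
```

A failed login leaves the stored value untouched; only a successful one replaces the row, because that is the only moment the plaintext is available to re-hash.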