有人能指点我一个很好的PHP / MySQL腌制散列密码的实现吗？ [英] Can someone point me to a good PHP/MySQL salted hashed password implementation?

问题描述

阅读关于salt密码散列标识后，Id想要为管理区域实现一个简单的版本，并将其添加到Im网站中。 如果您有任何与代码已经实现了这个想法，我会很感激，如果你可以分享。

谢谢，

解决方案

注册过程：用户输入密码。系统根据随机数据产生一个盐值（可能是时间和PID的散列）。系统生成密码& salt值并将它们存储在注册表中。

登录过程：用户输入密码。系统从数据库中提取盐值，并对其进行散列和密码，并将其与注册期间放入数据库的散列密码值进行比较。

明文密码永远不会被存储在数据库中。盐值永远不会被客户看到。

After reading about salts password hashing Id like to implement a simple version for an admin area to a site Im building.

If you have any good links with code that have implemented this idea well, I would appreciate it if you could share.

Thanks,

解决方案

Registration process: User enters a password. System generates a salt value from random data (could be a hash of the time & PID or something). Systems generates a hash value of the password & salt value and stores both of these in the registration table.

Login process: User enters a password. System pulls the salt value from the database and hashes it and the password and compares that against the hashed password value put into the database during registration.

The plaintext password is never stored in the database. The salt value is never visible to the client.

这篇关于有人能指点我一个很好的PHP / MySQL腌制散列密码的实现吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！