PHP Bcrypt哈希 [英] PHP Bcrypt hashing

问题描述

我想使用 Blowfish hashing 来散列密码。

I want to use Blowfish hashing to hash password.

crypt（）在5.3之前的PHP版本中不支持它

crypt() does not support it in PHP versions prior to 5.3

我的PHP版本是5.2.14。我如何使用Blowfish哈希？我可以使用PEAR的 Crypt_Blowfish 来代替吗？

My PHP version is 5.2.14. How can I use Blowfish hashing? Can I use PEAR's Crypt_Blowfish instead?

推荐答案

PEAR的Crypt_Blowfish是为了支持PHP的MCrypt扩展 - 这是一种双向加密方案，不适用于散列。虽然bcrypt基于Blowfish，但这不是一回事。令人困惑的是，PHP 5.3.0的CRYPT_BLOWFISH是一种哈希算法。

PEAR's Crypt_Blowfish is meant to stand in for PHP's MCrypt extension - it's a two-way encryption scheme, not for hashing. While bcrypt is based on Blowfish, it's not the same thing. Confusingly, PHP 5.3.0's CRYPT_BLOWFISH is a hashing algorithm.

有没有升级到PHP 5.3.0+的原因？这不是你想要尝试实现的东西。如果可以的话， phpass 是安全地执行基于密码的密码哈希的好方法。如果你绝对不能升级，phpass会回退到旧的散列方案（但它比普通的MD5等更安全）。

Is there a reason why upgrading to PHP 5.3.0+ would not be possible? This isn't something you want to try to implement yourself. If you can, phpass is a great way to do bcrypt-based password hashing securely. If you absolutely can't upgrade, phpass falls back to older hashing schemes (but it's still more secure than plain MD5, etc).

如果由于某种原因，您可以安装 Suhosin ，但不升级PHP，这将增加CRYPT_BLOWFISH支持。

If for some reason you can install Suhosin but not upgrade PHP, that would add CRYPT_BLOWFISH support.

为确保您目前没有安装CRYPT_BLOWFISH，请尝试以下操作：

To make sure you don't currently have CRYPT_BLOWFISH installed, try the following:

 echo (CRYPT_BLOWFISH === 1) ? 'CRYPT_BLOWFISH is enabled!' : 'CRYPT_BLOWFISH is not available'; 

这篇关于PHP Bcrypt哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！