PHP Bcrypt哈希 [英] PHP Bcrypt hashing
问题描述
我想使用 Blowfish hashing 来散列密码。
I want to use Blowfish hashing to hash password.
crypt()
在5.3之前的PHP版本中不支持它
crypt()
does not support it in PHP versions prior to 5.3
我的PHP版本是5.2.14。我如何使用Blowfish哈希?我可以使用PEAR的 Crypt_Blowfish
来代替吗?
My PHP version is 5.2.14. How can I use Blowfish hashing? Can I use PEAR's Crypt_Blowfish
instead?
推荐答案
PEAR的Crypt_Blowfish是为了支持PHP的MCrypt扩展 - 这是一种双向加密方案,不适用于散列。虽然bcrypt基于Blowfish,但这不是一回事。令人困惑的是,PHP 5.3.0的CRYPT_BLOWFISH是一种哈希算法。
PEAR's Crypt_Blowfish is meant to stand in for PHP's MCrypt extension - it's a two-way encryption scheme, not for hashing. While bcrypt is based on Blowfish, it's not the same thing. Confusingly, PHP 5.3.0's CRYPT_BLOWFISH is a hashing algorithm.
有没有升级到PHP 5.3.0+的原因?这不是你想要尝试实现的东西。如果可以的话, phpass 是安全地执行基于密码的密码哈希的好方法。如果你绝对不能升级,phpass会回退到旧的散列方案(但它比普通的MD5等更安全)。
Is there a reason why upgrading to PHP 5.3.0+ would not be possible? This isn't something you want to try to implement yourself. If you can, phpass is a great way to do bcrypt-based password hashing securely. If you absolutely can't upgrade, phpass falls back to older hashing schemes (but it's still more secure than plain MD5, etc).
如果由于某种原因,您可以安装 Suhosin ,但不升级PHP,这将增加CRYPT_BLOWFISH支持。
If for some reason you can install Suhosin but not upgrade PHP, that would add CRYPT_BLOWFISH support.
为确保您目前没有安装CRYPT_BLOWFISH,请尝试以下操作:
To make sure you don't currently have CRYPT_BLOWFISH installed, try the following:
echo (CRYPT_BLOWFISH === 1) ? 'CRYPT_BLOWFISH is enabled!' : 'CRYPT_BLOWFISH is not available';
这篇关于PHP Bcrypt哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!