laravel密码盐存放在哪里? [英] Where are laravel password salts stored?
问题描述
Laravel使用bcrypt
来哈希密码.
Laravel uses bcrypt
to hash passwords.
根据本文的介绍,在过程中的某些时候,Hash::make
函数创建并使用22个长度的随机字符串作为盐来生成密码.
According to this article, at some point in the process, the Hash::make
function creates and uses a 22-length random string as a salt to generate the password.
对于单个不同的密码,Hash::make
确实返回唯一的哈希,这暗示它在过程中的某处确实使用了某种盐化方法.
For a single distinct password, Hash::make
does return unique hashes, hinting that it does use some kind of salting somewhere in the process.
但是这些盐没有存储在用户期望的用户表中. laravel如何知道用于验证密码的适当哈希?
But these salts are not stored in the users table, where I would expect them. How does laravel know the appropriate hash to use to verify the password?
推荐答案
您链接的文章似乎包含了答案. https://mnshankar.wordpress.com/2014/03/29/laravel-hash -make-explained/
The article that you linked seems to contain the answer. https://mnshankar.wordpress.com/2014/03/29/laravel-hash-make-explained/
这样做的聪明之处在于算法,盐和成本是 嵌入到哈希中,因此可以很容易地解析为 用于重建/验证的单个组件(请参阅 php crypt源代码的相关部分位于 https://github.com/php/php-src/blob/master/ext/standard/crypt.c#L258 ). 因此,您无需将盐/成本单独存储在 数据库表.
The cleverness of this is that the algorithm, salt and cost are embedded into the hash and so can be easily parsed out into individual components for reconstruction/verification (Please see relevant sections of the php crypt source code at https://github.com/php/php-src/blob/master/ext/standard/crypt.c#L258). Because of this, you don’t need to store the salt/cost separately in a database table.
这篇关于laravel密码盐存放在哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!