使用散列安全地存储用户密码 [英] Using hashing to safely store user passwords
问题描述
在提出问题之前,请尝试搜索StackOverflow.已经回答了许多问题.例如:
Please try to search StackOverflow before asking a question. Many questions are already answered. For example:
- PHP& MySQL比较密码
- 如何使用哈希('sha256',$ salt.$ password)创建一个mySQL用户?
- 保护PHP密码的哈希值和盐值
- 具有单个查询和每用户密码盐的用户登录
- 用于密码哈希的非随机盐
- PHP & MySQL compare password
- how do I create a mySQL user with hash(‘sha256’, $salt . $password)?
- Secure hash and salt for PHP passwords
- User Login with a single query and per-user password salt
- Non-random salt for password hashes
嗨
我希望即使在数据库中也没人能看到我的密码.
I want that nobody can see my password even in database..
所以我使用了像这样的哈希函数
So i used hash function like this
$passowrd_hash=hash('shal',$_POST['password']);
现在,我可以轻松地将此password_hash值存储到数据库中.就像是加密形式.
Now easily I can store this password_hash value into database. It will be something like in encrypted form.
现在用户知道其原始密码,而他不知道此加密密码.
Now user know its original password he don't know this encrypted password.
现在,如果他尝试通过此原始密码登录.他将无法登录.
Now if he try to login through this original password..He is not able to login.
有什么方法可以解密并让用户登录.他既可以实现密码安全性又可以再次登录.
So is there any method so that it can be decrypted and user can make log in. So he can achieve both security of password as well as login again.
该怎么做?
推荐答案
您需要对用户输入的密码进行哈希处理并比较哈希值.
you need to hash the user input password and compare hashes.
这篇关于使用散列安全地存储用户密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
