PHP password_hash()password_verify()最大密码长度? [英] PHP password_hash() password_verify() maximum password length?

问题描述

我可以在PHP 5.5 password_hash()和password_verify()中使用的最大密码长度是多少?

What is the maximum password length I can use with PHP 5.5 password_hash() and password_verify()?

推荐答案

好吧，让我们看一下.

功能有密码长度限制.就像PHP中的所有字符串一样，它限制为2 ^ 31-1个字节.

The function does have a password length limit. Just like all strings in PHP, it is limited to 2^31-1 bytes.

要清楚，PHP无法处理大于该值的任何事情(至少今天是这样).

To be clear, there's no way for PHP to deal with anything larger than that (today at least).

因此，功能本身受到限制.但是底层的加密算法呢?

So the function itself is limited. But what about the underlying crypto algorithms.

BCrypt 仅限于处理密码的前72个字符.但是，这通常不是问题.在这个答案中.

BCrypt is limited to processing the first 72 characters of password. However, this is not commonly a problem as explained in this answer.

因此，简而言之，是，它确实有一个有效的限制(它将仅使用默认且唯一的算法来使用"前72个字符)，并且否不是问题，也不应该尝试修复"或缓解"该问题.

So in short, yes it does have an effective limit (it will only "use" the first 72 chars with the default and only algorithm), And no this is not a problem and nor should you try to "fix" or "mitigate" it.

这篇关于PHP password_hash()password_verify()最大密码长度?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！