如何在用户密码中加盐? [英] How to add salt in user password?
问题描述
我正在使用简单的md5($password);
格式,但是我想加盐,以便该怎么做?
I am using simple md5($password);
format but i want to add salt so how i can do that?
这是我的代码:
if($success)
{
$data['firstname'] = $firstname;
$data['lastname'] = $lastname;
$data['username'] = $username;
$data['password'] = md5($password);
$data['email'] = $email;
$newUser = new User($data);
$newUser->save(true);
$Newuser->login($username, $password);
header("Location: welcome.php");
}
推荐答案
$data['hashedpwd'] = md5($salt . $password);
对于每个用户来说,时间越长,越复杂,越独特,您可以使盐变得越难使任何人都无法获取密码(尽管并非没有可能).
The longer, more complex and unique to each user you can make the salt the harder it will be for anyone to get the password (though it's not impossible).
一个简单的盐(但盐分较差)将是:$salt = '10';
盐要强得多:$salt = '-45dfeHK/__yu349@-/klF21-1_\/4JkUP/4';
A simple (but poor salt) would be: $salt = '10';
A much stronger salt would be: $salt = '-45dfeHK/__yu349@-/klF21-1_\/4JkUP/4';
用户独有的盐更好.
正如一些评论中所提到的,md5是一种较旧且相对较差的哈希算法,SHA-512或SHA-2系列中的任何一个都是更好的选择.
As mentioned in several comments md5 is an old and relatively poor hashing algorythm, SHA-512 or any of the SHA-2 family would be much better choices.
有关更多详细信息,请参见此盐腌问题.
See this salting question for more detail.
这篇关于如何在用户密码中加盐?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!