如何在用户密码中加盐? [英] How to add salt in user password?

问题描述

我正在使用简单的md5($password);格式，但是我想加盐，以便该怎么做?

I am using simple md5($password); format but i want to add salt so how i can do that?

这是我的代码:

   if($success)
    {
        $data['firstname'] = $firstname;
        $data['lastname'] = $lastname;
        $data['username'] = $username;
        $data['password'] = md5($password);
        $data['email'] = $email;


        $newUser = new User($data);
        $newUser->save(true);
        $Newuser->login($username, $password);
        header("Location: welcome.php");

    }

推荐答案

$data['hashedpwd'] = md5($salt . $password);

对于每个用户来说，时间越长，越复杂，越独特，您可以使盐变得越难使任何人都无法获取密码(尽管并非没有可能).

The longer, more complex and unique to each user you can make the salt the harder it will be for anyone to get the password (though it's not impossible).

一个简单的盐(但盐分较差)将是:$salt = '10';
盐要强得多:$salt = '-45dfeHK/__yu349@-/klF21-1_\/4JkUP/4';

A simple (but poor salt) would be: $salt = '10';
A much stronger salt would be: $salt = '-45dfeHK/__yu349@-/klF21-1_\/4JkUP/4';

用户独有的盐更好.

正如一些评论中所提到的，md5是一种较旧且相对较差的哈希算法，SHA-512或SHA-2系列中的任何一个都是更好的选择.

As mentioned in several comments md5 is an old and relatively poor hashing algorythm, SHA-512 or any of the SHA-2 family would be much better choices.

有关更多详细信息，请参见此盐腌问题.

See this salting question for more detail.

这篇关于如何在用户密码中加盐?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！