如何在mysql中创建带有密码字段的表? [英] How to create tables with password fields in mysql?
问题描述
我应该将密码列创建为常规varchar,然后这样插入:
Should I create the password column as a regular varchar and then insert like this:
sha1($pass_string)
还是应该在创建表时做一些额外的事情,以确保密码字段是安全的?
Or should I do something extra upon the creation of the table to make sure that password field is secure?
谢谢!
推荐答案
这是一个普通的varchar字段(40个字符),但是如果您想更安全地设置它,则应该使用salt.
It's a normal varchar field (40 characters) but if you want to set it more secure you should use salt.
http://highedwebtech.com/2008/04/25/用一些盐调味您的密码/
更新:
警告:不加盐的哈希密码确实很弱!永远不要使用它!
密码加盐是实现此目的的好方法: 密码加盐
Password salting is the good way for doing it : password salting
根据pst的建议:
-
使用SHA-1和盐是更幼稚但非常安全的方法.
using SHA-1 and salt is the more naive but quite well secure approach.
使用 bcrypt :
这是一种更安全的方法:)因为它使用速度来使其更加安全,所以bfish是围绕加密方法blowfish构建的哈希函数. (似乎也有Twofish存在,应该是河豚的现代"版本.)
it's the more secure approach :) because it use speed in order to make it more secure, bfish is a hash function built around the encryption method blowfish. (Seems than twofish exists too and should be the "modern" version of blowfish).
- 使用 HMAC-SHA1 :
这是一个使用SHA-1链的版本,因此它是一个中间解决方案,但可以根据您的需要设置速度.实际上,速度会削弱您的安全性.
It's a version using a chain of SHA-1 so it's a intermediate solution, but allowing to set speed to your needs. In fact speed make weaker your security.
这篇关于如何在mysql中创建带有密码字段的表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!