Laravel 4.1 Hash::make inconsistency

Problem description

I was trying to match the hashed password from the database against the password hashed from the login form, and it doesn't match no matter what.

Then I've done some consistency tests.

$password = Hash::make('secret');
echo $password;

I've been getting different results each time I refresh the page. Not like md5, it's consistent.

Am I missing something?

Or am I using it / doing it wrong?

Why does Hash::make produce inconsistent results with the same args?

Recommended answer

It's correct, and that's by design.

AFAIK, the function uses the password_hash() php function, and defaults to the PASSWORD_BCRYPT flag, which

PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure.

That means a salt is automatically generated at each call, and inserted within the generated string, which contains: an identifier for the algo (in this case, $2y$), the iteration cost (defaults to 12), the hashed password, and the generated random salt.

That means, thus, every time you hash your password a new salt is created, therefore the string will always be different - even if the password is the same. That's one of the strengths over a simple md5 hash without salt.

To check it, you use Hash::check(), which uses the password_verify() PHP function, which analyses the hash, guesses the algo used, takes the embedded salt, and can therefore check if the procedure, given the same starting conditions, creates an identical hash.

Edit

Indeed, this is the method (in Illuminate/Hashing/BcryptHasher)

/**
 * Hash the given value.
 *
 * @param  string  $value
 * @param  array   $options
 * @return string
 */
public function make($value, array $options = array())
{
    $cost = isset($options['rounds']) ? $options['rounds'] : $this->rounds;

    $hash = password_hash($value, PASSWORD_BCRYPT, array('cost' => $cost));

    if ($hash === false)
    {
        throw new \RuntimeException("Bcrypt hashing not supported.");
    }

    return $hash;
}
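
The behaviour described in the answer, as an added example that is not part of the original answer or of Laravel's code: plain PHP that hashes the same password twice, reads the fields embedded in each bcrypt string, and verifies against the stored hash instead of comparing two fresh hashes. The helper bcrypt_fields(), the sample password and the cost of 10 are assumptions made for the demonstration.

```php
<?php
// Added illustration in plain PHP (no Laravel needed). Per the answer above,
// Hash::make() wraps password_hash() and Hash::check() wraps password_verify().

// Hypothetical helper: split a 60-character bcrypt string into its fields.
// Layout: identifier ($2y$) + 2-digit cost + "$" + 22-char salt + 31-char digest.
function bcrypt_fields($hash)
{
    $re = '/^(\$2[abxy]\$)(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return array('id' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]);
}

function report($label, $value)
{
    printf("%-42s %s\n", $label, var_export($value, true));
}

$password = 'secret';              // constructed sample value
$options  = array('cost' => 10);   // cost chosen for the demo (assumption)

$stored  = password_hash($password, PASSWORD_BCRYPT, $options); // saved at registration
$atLogin = password_hash($password, PASSWORD_BCRYPT, $options); // the question's approach

$a = bcrypt_fields($stored);
$b = bcrypt_fields($atLogin);

// Same password and cost, but each call draws a fresh random salt,
// so comparing two independently generated hashes is not a valid check.
report('stored hash length', strlen($stored));
report('identifier / cost in stored hash', $a['id'] . ' / ' . $a['cost']);
report('salts equal across two calls', $a['salt'] === $b['salt']);
report('hash strings equal across two calls', $stored === $atLogin);

// Verification re-runs bcrypt with the salt and cost read back from the
// stored hash. crypt() accepts the full stored hash as its salt argument.
$recomputed = crypt($password, $stored);
report('recomputed with embedded salt matches', hash_equals($stored, $recomputed));

// password_verify() performs that recomputation and a constant-time compare.
report('password_verify, correct password', password_verify($password, $stored));
report('password_verify, wrong password', password_verify('Secret', $stored));
```

In a Laravel login handler the equivalent check is Hash::check() called with the submitted plaintext and the hash read from the database, never a second Hash::make() on the form input.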
