基本 mysql sha1 密码有效检查 [英] basic mysql sha1 password valid check

问题描述

我正在使用 sha1 函数将我的密码存储在 mysql 数据库中..

I am using sha1 function to store my password in mysql DB..

$passwordHash = sha1($password);

从谷歌我得到了这个来自用户注册

From google I got this From user registration

sha1( sha1(users_plaintext_password)+random string )

检查

server computes sha1( users_hashed_password_in_database +
$_SESSION['random_string'] )

if $_POST['password'] ==
sha1( users_hashed_password_in_database + $_SESSION['random_string'] )

我的问题是如何检查验证?这是正确的方法吗??使用一些随机字符串作为盐是否可以为我的密码提供更多保护??

My question is how do I check for validation?Is this the correct method?? And does using some random string as salt give my password more protection??

推荐答案

我会这样做:

$seed = 'some random string';
$passwordHash = sha1($password.$seed);

然后对用户输入的数据做同样的处理:

Then do the same with data entered by the user:

$pass = $_POST['password'];
if(sha1($pass.$seed) == $passwordHash){
    //log user in
}

种子是个好主意，因为用户经常选择容易猜到的密码.另一个优势是，如果有人设法侵入，您可以通过更改种子来恢复网站的安全性.

The seed is a good idea, because users often pick passwords that are easy to guess. Another advantage is that you may be able to restore security to your site by changing the seed if someone manages to hack their way in.

这篇关于基本 mysql sha1 密码有效检查的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！