为什么密码散列，例如php 的 password_hash 这么慢? [英] Why is password hashing, e.g. php's password_hash so slow?

问题描述

我使用 password_hash 进行密码加密.但是有一个奇怪的问题，password_hash 花费了很长时间.这是一个示例代码.此代码将花费超过 1 秒.正常吗?

I am using password_hash for password encryption. However there is a strange question, password_hash cost very long time. Here is a sample code. this code will cost more than 1 second. Is that normal?

<?php
  $startTime = microtime(TRUE);
  $password='123456';
  $cost=13;
  $hash=password_hash($password, PASSWORD_DEFAULT, ['cost' => $cost]);
  password_verify($password,$hash);
  $endTime = microtime(TRUE);
  $time = $endTime - $startTime;
  echo $time;
?>

结果是:1.0858609676361

the result is :1.0858609676361

推荐答案

在 3v4l 上运行后，这似乎完全正常.

After running on 3v4l that seems perfectly normal.

密码散列不是您想要优化的东西.用 Leigh 在 hash 文档 中的话来说:

Password hashing is not something you want optimize. In the words of Leigh on the hash documentation:

如果您为了安全而对密码等进行哈希处理，速度不是您的朋友.你应该使用最慢的方法.

If you are hashing passwords etc for security, speed is not your friend. You should use the slowest method.

散列速度慢意味着破解速度慢，并且有望使生成彩虹表之类的东西比它的价值更麻烦.

Slow to hash means slow to crack and will hopefully make generating things like rainbow tables more trouble than it's worth.

这篇关于为什么密码散列，例如php 的 password_hash 这么慢?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！