password_hash 的盐存储在哪里? [英] Where is the salt stored for password_hash?
问题描述
根据(相对)新的 PHP 文档:
According to (relatively) new PHP documentation:
password_hash 函数使用随机盐(我们不应该担心.. O_O),所以如果我理解正确,盐必须存储在某个地方,否则用户在注册网站后将无法登录(不同的盐 => 不同的哈希.)
The password_hash function uses a random salt (which we should not worry about.. O_O), so if I understand correctly the salt has to be stored somewhere, else the user won't be able to login after registering to a website (different salt => different hash.)
函数文档没有说明与数据库交互的任何信息,而且由于我认为存储每个用户的数据只能使用数据库进行扩展,那么该函数存储随机盐的地方到底是什么?一个 txt
文件,比如会话数据?
The function documentation doesn't tell anything about interaction with a DB, and since I think storing per-user data is scalable only with a DB, where the heck does that function store the random salt? A txt
file like session data?
推荐答案
让我们从其他人告诉你的例子中学习:
Let's learn by example from what everyone else is telling you:
$options = [
'cost' => 11,
'salt' => 'abcdefghijklmnopqrstuv',
];
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT, $options)."\n";
输出:
$2y$11$abcdefghijklmnopqrstuu7aZVUzfW85EB4mHER81Oudv/rT.rmWm
$2y$11$abcdefghijklmnopqrstuu7aZVUzfW85EB4mHER81Oudv/rT.rmWm
粗体部分是你的成本和盐,分别嵌入到结果哈希中.
The bolded parts are your cost and salt, respectively embedded in the resulting hash.
你可以把这个吐回到password_verify
它将相应地处理它:
You can spit this back into password_verify
and it will handle it accordingly:
print_r(password_verify('rasmuslerdorf', '$2y$11$abcdefghijklmnopqrstuu7aZVUzfW85EB4mHER81Oudv/rT.rmWm')); // true
这篇关于password_hash 的盐存储在哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!