hash_pbkdf2 vs password_hash PHP functions


Question

As PHP 5.5.0 is out now,

  1. Which one is better to use (security, portability, future proof)?

It says the password_hash() PASSWORD_DEFAULT may change in each full release (+1.0 or +0.1), so how can we use previously DEFAULT method hashed passwords with the new default? Does that mean PHP 5.5 scripts with already hashed passwords in the database will not work on PHP 5.6 until users change their passwords? What about a COST change (I'm trying to know if servers can be updated to PHP v5.6, or a website admin may change the hosting provider (and then change COST for weaker/stronger servers), without any problem for current users)?

Should we wait for some updates, or are they already safe to use in 5.5.0?

Should we still use PHPass etc. frameworks, or are these new PHP 5.5 functions enough and/or more future proof?

Recommended answer

  1. The password hashing functions (such as password_hash) are preferred, as they automate more of the process, such as picking a salt, verifying passwords, and rehashing.

The password_verify function will automatically detect what algorithm was used to generate a hash, so there's no compatibility issue.

These functions are in a released version of PHP, so they should be fine to use.

Use PHPass or a shim such as password_compat if your code needs to run on versions of PHP earlier than 5.5. Otherwise, use the password hashing functions.
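The verify-then-rehash flow the answer refers to, as an added example that is not part of the original answer: a hash created with an older cost still verifies, and is upgraded at the next successful login. The `login()` helper, the `$saveHash` callback (standing in for a database update) and the cost values are assumptions made for illustration.

```php
<?php
// Added example (not from the original answer). Runs on PHP 5.5+.
// login() and $saveHash are hypothetical names; $saveHash stands in for
// "UPDATE users SET hash = ? WHERE id = ?" in a real application.

function login($password, $storedHash, array $options, callable $saveHash)
{
    // password_verify() reads the algorithm, cost and salt from the stored
    // hash itself, so hashes made under older settings still verify.
    if (!password_verify($password, $storedHash)) {
        return false;
    }

    // True when the stored hash was made with a different algorithm or
    // cost than the current target. The plaintext is only available at
    // login, so this is the moment to upgrade the stored value.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options)) {
        $saveHash(password_hash($password, PASSWORD_DEFAULT, $options));
    }

    return true;
}

// Constructed sample: a hash as an older deployment might have stored it.
$legacy  = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
$current = $legacy;
$save    = function ($newHash) use (&$current) { $current = $newHash; };

// Assumed new target cost after moving to a faster server.
$target = ['cost' => 12];

var_dump(login('wrong guess', $legacy, $target, $save));   // rejected
var_dump($current === $legacy);                            // nothing rewritten
var_dump(login('correct horse', $legacy, $target, $save)); // accepted
var_dump($current === $legacy);                            // hash replaced
print_r(password_get_info($current));                      // new parameters
var_dump(password_verify('correct horse', $current));      // still verifies
```

Store the hash in a column wide enough for future algorithms; the PHP manual recommends 255 characters when using PASSWORD_DEFAULT.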
