什么是双向处理密码的好选择? [英] What is a good option for a two-way processing of password?

问题描述

我打算使用 Kohana 的加密类，但是否有更好、更安全的方式进行双向处理?我希望我的用户能够发送请求以获取他们以前的密码，而不是给他们重置密码.

I plan on using Kohana's encryption class but is there a better and more secure way of doing a two-way processing? I want my users to be able to send requests for their previous passwords, not give them a reset one.

您可以推荐任何算法或库吗?尤其是在 PHP 中?

Any algorithms or libraries you can suggest? prticularly in PHP?

推荐答案

我不会做双向加密.这基本上根本没有加密，因为您需要访问代码中的加密密钥，这样您的所有密码都会被有效地泄露.

I wouldn't do two-way encryption. That's basically no encryption at all since you'll need access to the encryption key within the code so all your passwords are effectively compromised.

您应该使用单向函数，例如 SHA1 或MD5(SHA1 更好).当用户尝试登录时，加密他们使用的密码并将其与您存储的密码进行比较.

You should use one-way has functions like SHA1 or MD5 (SHA1 is better). When the user attempts to login, encrypt the password they used and compare it to what you've got stored.

这篇关于什么是双向处理密码的好选择?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！