mcrypt 已弃用，有什么替代方法? [英] mcrypt is deprecated, what is the alternative?

问题描述

mcrypt 扩展已弃用根据此处的评论，将在 PHP 7.2 中删除.所以我正在寻找一种加密密码的替代方法.

The mcrypt-extension is deprecated will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.

现在我正在使用类似的东西

Right now I am using something like

mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)

对于加密密码的最佳/最强方法，我需要您的意见，加密的密码当然应该受 PHP 7.xx 支持，并且还应该是可解密的，因为我的客户确实希望有一个选项来恢复"他们的密码而无需生成一个新的.

I need your opinion for the best/strongest way to encrypt passwords, the encrypted password should of course supported by PHP 7.xx and should also be decryptable because my customers do want to have an option to 'recover' their passwords without generating a new one.

推荐答案

最好的做法是对密码进行哈希处理，使其不可解密.这让可能访问您的数据库或文件的攻击者的工作变得稍微困难​​一些.

It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.

如果您必须加密数据并使其可解密，可在 https://paragonie.com/white-paper/2015-secure-php-data-encryption.总结该链接:

If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:

• 使用 Libsodium - PHP 扩展
• 如果您不能使用 Libsodium，请使用 defuse/php-encryption - 直接的 PHP 代码
• 如果您不能使用 Libsodium 或 defuse/php-encryption，请使用 OpenSSL - 许多服务器已经安装了这个.如果没有，可以使用 --with-openssl[=DIR]
进行编译

• Use Libsodium - A PHP extension
• If you can't use Libsodium, use defuse/php-encryption - Straight PHP code
• If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]

这篇关于mcrypt 已弃用，有什么替代方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！