如何在PHP中安全生成SSHA256或SSHA512哈希值？ [英] How to securely generate SSHA256 or SSHA512 hashes in PHP?

问题描述

我正在开发邮件服务器的网络管理模块（如果您想要请查看）。

I am working on a web administration module for mailservers (it's open source if you'd like to take a look).

为此，我需要能够生成可由 Dovecot 。如在其wiki 中所述，他们推荐的密码散列方案是SSHA256（额外的S用于salted） 。

For that, I need to be able to generate hashed password that is readable by Dovecot. As described on their wiki, their recommended password hashing scheme is SSHA256 (the extra S is for salted).

它还解释说，这可以很简单的实现类似这样的PHP代码：

It's also explained that this could be reasonably simple to implement with something like this PHP code:

$salt = 'generate_a_salt_somehow';
$hash = hash('sha256', $password . $salt);

然而，从我读过的关于加密技术，这是一个相当朴实的方式生成salted哈希，但如果您在在您的源代码中输入AES ，我认为在这种情况下也是如此。

However, from what I've read about cryptography, that is a rather naíve way to generate salted hashes, but if you're doing it wrong when typing A-E-S in your source code, I figured the same could be true in this case.

所以，如果你有洞察加密，我很想听听最安全的方式来做到这一点，无论是mcrypt，mhash还是其他。

So if you have insight into cryptography, I'd love to hear about the most secure way to do this, be it mcrypt, mhash or whatever.

推荐答案

您链接的Dovecot wiki页面解释了Dovecot使用的确切哈希格式是什么。你在这件事上没有任何选择--Dyvecot对它的哈希是什么样的期望，所以你必须按照它的规则：

The Dovecot wiki page you linked to explains what the exact hash format Dovecot uses is. You don't have any choice in the matter -- Dovecot has its expectations on what the hash will look like, so you have to play by its rules:

对于大多数盐化密码方案（SMD5，SSHA *），盐存储在密码哈希后，其长度可以不同。当散列密码时，在明文密码之后附加salt，例如：SSHA256（pass，salt）= SHA256（pass + salt）+ salt。

For most of the salted password schemes (SMD5, SSHA*) the salt is stored after the password hash and its length can vary. When hashing the password, append the salt after the plaintext password, e.g.: SSHA256(pass, salt) = SHA256(pass + salt) + salt.

$ b b

因此，PHP中的相应密码生成函数可能如下所示：

So an appropriate password generation function in PHP might look like:

$hash = "{SSHA256}" . base64_encode(hash('sha256', $password . $salt) . $salt);

这篇关于如何在PHP中安全生成SSHA256或SSHA512哈希值？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！