密码加密 [英] Password Encryption

问题描述

我已将用户密码以加密格式存储在我的数据库中。但是，现在当用户想登录并尝试输入原始密码时，代码总是将输入的（原始）密码与存储在数据库中的加密版本进行比较，导致登录失败。

I have stored user passwords in an encrypted format in my database. However, now when user wants to login and tries to put their original password the code always compares the entered (original) password with the encrypted version stored in the database, leading to a failed login.

请告诉我如何比较输入的（原始）密码与存储在数据库中的加密密码。

Please tell me how to compare the entered (original) password with the encrypted password stored in the database.

推荐答案

您应该几乎肯定是 散列 密码，而不是使用可逆加密。您可能还需要使用 盐 ...在这种情况下，正确的步骤是：

You should almost certainly be hashing the password rather than using reversible encryption. You may need to do this with a salt too... in which case the correct steps are:

• 查找最初散列密码时使用的盐


• 比较两个散列 - 如果它们相等，则使用该盐。用户（几乎肯定）输入正确的密码。

请注意，当您生成随机盐，以及当您使用存储的盐时，验证存储的哈希值时。

Note the difference between the when you store the hashed password to start with, when you generate a random salt, and when you verify the stored hash, when you use the stored salt.

这篇关于密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！