如何加密网站的用户登录密码 [英] How to go about encrypting user login passwords for a website
问题描述
我正在为公司开发网站,他们需要登录验证才能使用该公司提供的一些服务。使用常识,我知道我需要在将用户密码保存到数据库时对其进行加密。不是一个问题,我可以简单地实现一个散列算法和存储哈希(或某事,我仍然需要拖动StackOverflow找出最好的方式来保存这些信息,但这不是我问的)。
I'm developing a website for a company, and they require login verification in order to use some of the services that this company provides. Using common sense, I know that I need to encrypt the user's password when saving it to a database. Not a problem, I can simply implement a hashing algorithm and store the hash (or something, I still need to troll StackOverflow to figure out the best way to save this information, but that's not what I'm asking).
我很好奇是如何实际执行加密算法。这是一个独立的程序在服务器上,将加密密码,然后存储吗?还是我必须使用PHP模块来加密密码?还是我不在想的别的东西?
What I'm curious about is how to actually execute the encryption algorithm. Is that a stand-alone program on the server that will encrypt the password and then store it? Or would I have to use a PHP module to encrypt the password? Or is it something else that I'm not thinking of?
任何和所有答案都很感激,如果我的措辞不好,我指望你打电话给我;)
Any and all answers are appreciated, and if I worded anything poorly, I'm counting on you to call me out on it ;)
推荐答案
PHP的内置散列方法效果很好。无需呼叫第三方图书馆。
您应该查看 hash()函数。记住在保存哈希值时使用强盐。在互联网上应该有大量有关这方面的好文章,还有这里 a>。
PHP's built in hashing methods works well. No need to call inn third party libraries. You should take a look at the hash() function. Remember to use a strong salt when saving the hash. There should be plenty of good articles around the internet about this, and also here.
正如drrcknlsn在注释中指出的,md5和sha1会因为它们被认为是破坏而变成错误的选择。
As pointed out by drrcknlsn in a comment, md5 and sha1 would bad choices since they are considered broken.
此外,正如Grexis在他的回答中指出的,PBKDF2也是你可以研究的一种方法。
Also, as Grexis points out in his answer, PBKDF2 is also one method the you could look into.
这篇关于如何加密网站的用户登录密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
