如何实现sha 512,md5和salt加密全为一个密码 [英] how to implement sha 512,md5 and salt encryption all for one password
问题描述
$ pass =test
上述变量包含一个名为test.I的密码我想使用sha512 md5和盐哈希这个密码我如何做到这一点只发现盐和sha512的好处,我已经知道md5加密。我需要解决方案,因为我的系统是可耻的
请用代码示例解释,因为im仍然附加到md5
$ pass =test;
$ hashed_pass = openssl_digest($ pass,'sha512');
ok似乎足够坚固,但是什么是[salt ='']?
是否产生一个随机的盐串或什么如果是这样实现它?
编辑:由于这个答案似乎还是引起了一些兴趣,所以让我引导你们走向 password_hash() ,这本质上是围绕 crypt()的包装使用起来更简单如果您使用PHP< 5.5,那么 password_compat 是由同一个人写的,实际上是链接关闭官方文档。
如果您已经使用 crypt(),值得注意的是 password_verify() 和 password_needs_rehash() 将使用所有 crypt() - 密码,所以几乎没有原因不更新!
使用 crypt() ,它提供了更强大的哈希方法。
填写新密码:
//生成一个16个字符的盐string
$ salt = substr(str_replace('+','。',base64_encode(md5(mt_rand(),true))),0,16);
//字串将被多少次
$ rounds = 10000;
//传入密码,轮数和盐
// $ 5 $指定SHA256-CRYPT,如果您真的想要SHA512
echo crypt('password123'),则使用$ 6 $ ,sprintf('$ 5 $ rounds =%d $%s $',$ rounds,$ salt));
//输出:$ 5 $ rounds = 10000 $ 3ES3C7XZpT7WQIuC $ BEKSvZv。/ Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
比较现有密码:
//为用户存储的哈希
$ given_hash ='$ 5 $ rounds = 10000 $ 3 ES3C7XZpT7WQIuC $ BEKSvZv / Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8' 。
$ test_pw ='password123';
//从存储的哈希
//中提取哈希方法,回合数和盐,并相应地哈希密码字符串
$ parts = explode('$' $ given_hash);
$ test_hash = crypt($ test_pw,sprintf('$%s $%s $%s $',$ parts [1],$ parts [2],$ parts [3]));
//比较
echo $ given_hash。 \\\
。 $ test_hash。 \\\
。 var_export($ given_hash === $ test_hash,true);
/ *输出:
$ 5 $ rounds = 10000 $ 3ES3C7XZpT7WQIuC $ BEKSvZv。/ Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
$ 5 $ rounds = 10000 $ 3ES3C7XZpT7WQIuC $ BEKSvZv。/ Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
true * /
$pass="test"
the above variable contains a password called test.I want to hash this password using sha512 md5 and salt how do i do that as ive found only benifits of salt and sha512,i allready know md5 encryption.please i need the solution as my system is vunerable
and please explain it with a code example because im still attached to md5
from what ive understood by your comments and answers ive got the following code
$pass="test";
$hashed_pass= openssl_digest($pass, 'sha512');
ok seems solid enough but what is [salt='']? does it generate a random salt string or something if so the how to implement it?
Edit: Since this answer still seems to be generating a bit of interest, let me steer you all towards password_hash() which is essentially a wrapper around crypt() but much simpler to use. If you're using PHP<5.5 there is password_compat which was written by the same guy and is actually linked off of the official documentation.
If you're already using crypt() it's worth noting that both password_verify() and password_needs_rehash() will work with all crypt()-style passwords, so there's hardly a reason not to update!
Use crypt(), it provides MUCH stronger hashing methods.
Hash a new password:
// generate a 16-character salt string
$salt = substr(str_replace('+','.',base64_encode(md5(mt_rand(), true))),0,16);
// how many times the string will be hashed
$rounds = 10000;
// pass in the password, the number of rounds, and the salt
// $5$ specifies SHA256-CRYPT, use $6$ if you really want SHA512
echo crypt('password123', sprintf('$5$rounds=%d$%s$', $rounds, $salt));
// output: $5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
Compare an existing password:
// the hash stored for the user
$given_hash = '$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8';
$test_pw = 'password123';
// extract the hashing method, number of rounds, and salt from the stored hash
// and hash the password string accordingly
$parts = explode('$', $given_hash);
$test_hash = crypt($test_pw, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));
// compare
echo $given_hash . "\n" . $test_hash . "\n" . var_export($given_hash === $test_hash, true);
/* output:
$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
true */
这篇关于如何实现sha 512,md5和salt加密全为一个密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
