password_hash每次都会返回不同的值 [英] password_hash returns different value every time
问题描述
我正在创建一个登录系统,我想散列这些密码以使它们更安全,但每次都会返回一个不同的散列值,甚至无法使用password_verify()进行验证,下面是我的代码:
$ password = password_hash($ password4,PASSWORD_DEFAULT);
以下是我验证的代码:
if(password_verify($ password4,$ dbpassword))
所以让我们一次一个地参考它。
但每次都返回不同的散列
这就是主意。 password_hash
用于每次生成随机盐。这意味着你必须单独打破每个散列,而不是猜测一个用于所有事物的盐,并且有一个巨大的支撑。
不需要 MD5
或做任何其他散列。如果你想提高 password_hash
的安全性,你可以通过一个更高的成本(默认成本是10)
pre > $ password = password_hash($ password4,PASSWORD_DEFAULT,['cost'=> 15]);
至于验证
if(password_verify($ password4,$ dbpassword))
所以 $ password4
应该是您的非哈希密码, $ dbpassword
应该是您存储在数据库中的哈希值
I'm making a login system, and I want to hash the passwords to make them more secure, but it returns a different hash every time, and can't even be verified using password_verify(), here is my code:
$password = password_hash($password4, PASSWORD_DEFAULT);
and here is my code for verifying:
if(password_verify($password4, $dbpassword))
So let's take it one part at a time
but it returns a different hash every time
That's the idea. password_hash
is designed to generate a random salt every time. This means you have to break each hash individually instead of guessing one salt used for everything and having a huge leg up.
There's no need to MD5
or do any other hashing. If you want to raise the security of password_hash
you pass a higher cost (default cost is 10)
$password = password_hash($password4, PASSWORD_DEFAULT, ['cost' => 15]);
As to verify
if(password_verify($password4, $dbpassword))
So $password4
should be your unhashed password and $dbpassword
should be the hash you've stored in your database
这篇关于password_hash每次都会返回不同的值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!