PHP.net说md5（）和sha1（）不适合输入密码？ [英] PHP.net says that md5() and sha1() unsuitable for password?

问题描述

http://www.php.net/ manual / en / faq.passwords.php＃faq.passwords.fasthash

我以散列形式将用户密码存储在MySQL数据库中。这是否意味着这样做是不安全的？如果是，我的备选方案是什么？

解决方案

您链接到的常见问题中的下一个问题将讨论它：如果常用的散列函数不合适，我该如何散列我的密码？ / b>

从常见问题：

建议使用的算法时哈希密码是Blowfish，因为它比MD5或SHA1的计算成本要高很多，但仍然可以扩展。

接下来的问题是关于盐。

http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

I'm storing user passwords in a MySQL database in hash form. Does this mean that it is unsafe to do so? If it is, what are my alternatives?

解决方案

The next question in the FAQ you linked to discusses it: How should I hash my passwords, if the common hash functions are not suitable?

From the FAQ:

The suggested algorithm to use when hashing passwords is Blowfish, as it is significantly more computationally expensive than MD5 or SHA1, while still being scalable.

The question following that is about salt.

这篇关于PHP.net说md5（）和sha1（）不适合输入密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！