PHP的这两行如何不同？ [英] How are these 2 lines of PHP different?

问题描述

假设我们在数据库中有一个salt，并且已经生成了这样的结果

Assuming we have a salt that's in the database and that has been generated like this

$ salt = time（）;

这两行之间有什么区别。

What is the difference between these 2 lines.

$pass1 = hash('sha1', $password . $salt);

$pass2 = hash_hmac('sha1', $password, $salt);

它们不会产生相同的输出。第一个， hash 函数需要2个参数，而 hash_hmac 需要3个参数。因此，您会认为我们可以单独使用 $ salt 来完成第三个参数，而不是将它与密码（ $ password。$ salt ），就像我们在第2行做的那样。但并不那么简单，2个结果是不同的。为什么？这里究竟发生了什么？

They don't produce the same output. The first one, the hash function takes 2 params, while the hash_hmac needs 3 params. You would therefore think that we can get that third extra param by using the $salt separately (to fulfill the third param) as opposed to concatenating it with the password ($password . $salt) like we did in line 2. But it's not that simple, the 2 results are different. Why? What is going on exactly here?

推荐答案

由于HMAC SHA-1与带消息和密钥的SHA-1不同级联。 HMAC更像 sha1（$ salt。sha1（$ salt。$ password）），但不完全一样。 Wikipedia对 HMAC 有很好的描述。

Because HMAC SHA-1 is not the same as SHA-1 with the message and key concatenated. HMAC is more like sha1($salt . sha1($salt . $password)), but not exactly. Wikipedia has a nice description of HMAC.

这篇关于PHP的这两行如何不同？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！