使用crypt（）加密 [英] Encryption using crypt()

问题描述

我目前正在做一个非常安全的登录系统，但我对crypt（）函数很陌生，需要一些快速帮助。

我使用crypt（）在注册期间加密密码字符串并将其保存到数据库。但是，如何在登录时能够解密密钥？或者我应该怎么做呢？或者是否可能用提交的密码字符串做一些魔术来比较它与数据库中的加密密钥？

解决方案

crypt（）不会加密密码，它哈希它们。根本的区别是，你不能得到散列密码（想想散列的褐色 - 如果你有散列棕色，你不能得到土豆回来）。

因此，您将相同的函数应用于输入并将其结果与存储在数据库中的值进行比较：

  $ stored_pw = get_hashed_pa​​ssword_from_db（ $ _POST [ '用户名']）; 
 crypt（$ _ POST ['password']，$ stored_pw）== $ stored_pw 
  

阅读 crypt（） 文档>了解上述代码背后的魔术。

I'm currently doing a very safe login system, but I'm new to the crypt() function and need some quick assistance.

I used crypt() to encrypt the password string during signup and saved it to the database. However, how will I be able to decrypt the key during login? Or how am I supposed to do otherwise? Or would it be possibly to do some magic with the submitted password string to compare it to the encrypted key in the database?

解决方案

crypt() doesn't encrypt passwords, it hashes them. The fundamental difference is, you can't get hashed passwords back (think of hash browns - if you have hash browns, you can't get the potatoes back).

So you apply the same function to the input and compare its result to the value stored in the database:

$stored_pw = get_hashed_password_from_db($_POST['username']);
crypt($_POST['password'], $stored_pw) == $stored_pw

Read the documentation on crypt() to understand the "magic" behind the code above works.

这篇关于使用crypt（）加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！