这两行 PHP 有什么不同?
假设我们在数据库中有一个盐,并且是像这样生成的
$salt = time();
这两行之间有什么区别。
$pass1 = hash('sha1', $password . $salt);
$pass2 = hash_hmac('sha1', $password, $salt);
它们不会产生相同的输出。第一个,hash 函数需要 2 个参数,而 hash_hmac 需要 3 个参数。因此,您可能会认为我们可以通过单独使用 $salt 来获取第三个额外参数(以满足第三个参数),而不是将其与密码连接起来($password . $salt< /code>) 就像我们在第 2 行中所做的那样。但事情并没有那么简单,两个结果是不同的。为什么?这里究竟发生了什么?
Assuming we have a salt that's in the database and that has been generated like this
$salt = time();
What is the difference between these 2 lines.
$pass1 = hash('sha1', $password . $salt);
$pass2 = hash_hmac('sha1', $password, $salt);
They don't produce the same output. The first one, the hash function takes 2 params, while the hash_hmac needs 3 params. You would therefore think that we can get that third extra param by using the $salt separately (to fulfill the third param) as opposed to concatenating it with the password ($password . $salt) like we did in line 2. But it's not that simple, the 2 results are different. Why? What is going on exactly here?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
因为 HMAC SHA-1 与消息和密钥串联的 SHA-1 不同。 HMAC 更像
sha1($salt . sha1($salt . $password)),但不完全一样。维基百科对 HMAC 有很好的描述。Because HMAC SHA-1 is not the same as SHA-1 with the message and key concatenated. HMAC is more like
sha1($salt . sha1($salt . $password)), but not exactly. Wikipedia has a nice description of HMAC.