使用 PHP 地穴的河豚盐的正确格式是什么?
我已阅读 PHP Manual Entry for crypt(),但我发现自己仍然不确定触发 Blowfish 算法的盐的格式。
根据手动输入,我应该使用 '$2
我遇到的问题实际上是触发 Blowfish 算法与 STD_DES。示例:
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $26HdMTpoODt6
该哈希显然不是 Whirlpool,实际上是 STD_DES,仅使用盐的前两个字符作为盐。但是,在 PHP 手册的示例中,它们的盐以“$2a$07$”开头,因此,如果我将这三个字符添加到同一代码中,我会得到以下结果:
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC
我注意到我可以提供一些此处显示为“07$”的字符存在差异,例如 04$ 和 15$ 都有效,但 01 $ 到 03$ 不起作用(生成空白字符串),诸如 99$ 和 85$ 之类的值会导致它再次恢复为 STD_DES。
问题:
“$2a$”字符串后面的这三个字符的意义是什么,正如我通过手册相信的那样,它指示 crypt 函数使用blowfish 方法。
根据手册,'$2a$'应该足以指示crypt()使用blowfish方法;那么,下面这三个字的意义是什么呢?如果这三个字符如此重要,那么盐的正确格式是什么?
我遇到的问题实际上是触发 Blowfish 算法与 STD_DES。示例:
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $26HdMTpoODt6
该哈希显然不是 Whirlpool,实际上是 STD_DES,仅使用盐的前两个字符作为盐。但是,在 PHP 手册的示例中,它们的盐以“$2a$07$”开头,因此,如果我将这三个字符添加到同一代码中,我会得到以下结果:
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC
我注意到我可以提供一些此处显示为“07$”的字符存在差异,例如 04$ 和 15$ 都有效,但 01 $ 到 03$ 不起作用(生成空白字符串),诸如 99$ 和 85$ 之类的值会导致它再次恢复为 STD_DES。
问题:
“$2a$”字符串后面的这三个字符的意义是什么,正如我通过手册相信的那样,它指示 crypt 函数使用blowfish 方法。
根据手册,'$2a$'应该足以指示crypt()使用blowfish方法;那么,下面这三个字的意义是什么呢?如果这三个字符如此重要,那么盐的正确格式是什么?
$2a$07$usesomesillystringforsalt$”,这向我表明,我提供的任何字符串都将被切片和切块以适合模型。我遇到的问题实际上是触发 Blowfish 算法与 STD_DES。示例:
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $26HdMTpoODt6
该哈希显然不是 Whirlpool,实际上是 STD_DES,仅使用盐的前两个字符作为盐。但是,在 PHP 手册的示例中,它们的盐以“$2a$07$”开头,因此,如果我将这三个字符添加到同一代码中,我会得到以下结果:
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC
我注意到我可以提供一些此处显示为“07$”的字符存在差异,例如 04$ 和 15$ 都有效,但 01 $ 到 03$ 不起作用(生成空白字符串),诸如 99$ 和 85$ 之类的值会导致它再次恢复为 STD_DES。
问题:
“$2a$”字符串后面的这三个字符的意义是什么,正如我通过手册相信的那样,它指示 crypt 函数使用blowfish 方法。
根据手册,'$2a$'应该足以指示crypt()使用blowfish方法;那么,下面这三个字的意义是什么呢?如果这三个字符如此重要,那么盐的正确格式是什么?
I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm.
According manual entry, I should use '$2$' or '$2a$' as the start of a 16 character string. However, in the example given later, they use a much longer string: '$2a$07$usesomesillystringforsalt$', which indicates to me that whatever string I provide will be sliced and diced to fit the model.
The problem I am encountering is actually triggering the Blowfish algo vs STD_DES. Example:
$foo = 'foo';
$salt = '$2a
That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:
$foo = 'foo';
$salt = '$2a
I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.
The Question:
What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.
According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?
. hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $26HdMTpoODt6
That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:
I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.
The Question:
What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.
According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?
. hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC
I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.
The Question:
What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.
According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?
That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:
I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.
The Question:
What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.
According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
2a后面的数字指定要执行的轮数的 log2。例如,10 表示进行 1024 轮。一般来说,10个是正常的。不要使用太大的数字,否则您的密码将需要很长时间才能验证。请参阅为什么 BCrypt.netGenerateSalt(31) 会立即返回? 相关的东西。 :-)
The number following the
2aspecifies the log2 of the number of rounds to perform. For example, 10 means do 1024 rounds. Usually, 10 is normal. Don't use numbers that are too big, or your password will take forever to verify.See Why does BCrypt.net GenerateSalt(31) return straight away? for something related. :-)