使用 PHP 地穴的河豚盐的正确格式是什么?

发布于 2024-08-20 16:31:33 字数 1337 浏览 10 评论 0原文

我已阅读 PHP Manual Entry for crypt(),但我发现自己仍然不确定触发 Blowfish 算法的盐的格式。

根据手动输入,我应该使用 '$2

我遇到的问题实际上是触发 Blowfish 算法与 STD_DES。示例:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $26HdMTpoODt6

该哈希显然不是 Whirlpool,实际上是 STD_DES,仅使用盐的前两个字符作为盐。但是,在 PHP 手册的示例中,它们的盐以“$2a$07$”开头,因此,如果我将这三个字符添加到同一代码中,我会得到以下结果:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC

我注意到我可以提供一些此处显示为“07$”的字符存在差异,例如 04$15$ 都有效,但 01 $03$ 不起作用(生成空白字符串),诸如 99$85$ 之类的值会导致它再次恢复为 STD_DES

问题:

$2a$”字符串后面的这三个字符的意义是什么,正如我通过手册相信的那样,它指示 crypt 函数使用blowfish 方法。

根据手册,'$2a$'应该足以指示crypt()使用blowfish方法;那么,下面这三个字的意义是什么呢?如果这三个字符如此重要,那么盐的正确格式是什么?

或 '$2a

我遇到的问题实际上是触发 Blowfish 算法与 STD_DES。示例:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $26HdMTpoODt6

该哈希显然不是 Whirlpool,实际上是 STD_DES,仅使用盐的前两个字符作为盐。但是,在 PHP 手册的示例中,它们的盐以“$2a$07$”开头,因此,如果我将这三个字符添加到同一代码中,我会得到以下结果:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC

我注意到我可以提供一些此处显示为“07$”的字符存在差异,例如 04$15$ 都有效,但 01 $03$ 不起作用(生成空白字符串),诸如 99$85$ 之类的值会导致它再次恢复为 STD_DES

问题:

$2a$”字符串后面的这三个字符的意义是什么,正如我通过手册相信的那样,它指示 crypt 函数使用blowfish 方法。

根据手册,'$2a$'应该足以指示crypt()使用blowfish方法;那么,下面这三个字的意义是什么呢?如果这三个字符如此重要,那么盐的正确格式是什么?

作为 16 个字符的字符串的开头。然而,在后面给出的示例中,他们使用了更长的字符串:“$2a$07$usesomesillystringforsalt$”,这向我表明,我提供的任何字符串都将被切片和切块以适合模型。

我遇到的问题实际上是触发 Blowfish 算法与 STD_DES。示例:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $26HdMTpoODt6

该哈希显然不是 Whirlpool,实际上是 STD_DES,仅使用盐的前两个字符作为盐。但是,在 PHP 手册的示例中,它们的盐以“$2a$07$”开头,因此,如果我将这三个字符添加到同一代码中,我会得到以下结果:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC

我注意到我可以提供一些此处显示为“07$”的字符存在差异,例如 04$15$ 都有效,但 01 $03$ 不起作用(生成空白字符串),诸如 99$85$ 之类的值会导致它再次恢复为 STD_DES

问题:

$2a$”字符串后面的这三个字符的意义是什么,正如我通过手册相信的那样,它指示 crypt 函数使用blowfish 方法。

根据手册,'$2a$'应该足以指示crypt()使用blowfish方法;那么,下面这三个字的意义是什么呢?如果这三个字符如此重要,那么盐的正确格式是什么?

I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm.

According manual entry, I should use '$2$' or '$2a$' as the start of a 16 character string. However, in the example given later, they use a much longer string: '$2a$07$usesomesillystringforsalt$', which indicates to me that whatever string I provide will be sliced and diced to fit the model.

The problem I am encountering is actually triggering the Blowfish algo vs STD_DES. Example:

$foo = 'foo';
$salt = '$2a

That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:

$foo = 'foo';
$salt = '$2a

I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.

The Question:

What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.

According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?

. hash('whirlpool', $foo); // 128 characters, will be truncated $hash = crypt($foo, $salt); // $hash = $26HdMTpoODt6

That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:


I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.

The Question:

What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.

According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?

. hash('whirlpool', $foo); // 128 characters, will be truncated $hash = crypt($foo, $salt); // $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC

I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.

The Question:

What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.

According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?

. hash('whirlpool', $foo); // 128 characters, will be truncated $hash = crypt($foo, $salt); // $hash = $26HdMTpoODt6

That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:

I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.

The Question:

What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.

According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

長街聽風 2024-08-27 16:31:33

2a 后面的数字指定要执行的轮数的 log2。例如,10 表示进行 1024 轮。一般来说,10个是正常的。不要使用太大的数字,否则您的密码将需要很长时间才能验证。

请参阅为什么 BCrypt.netGenerateSalt(31) 会立即返回? 相关的东西。 :-)

The number following the 2a specifies the log2 of the number of rounds to perform. For example, 10 means do 1024 rounds. Usually, 10 is normal. Don't use numbers that are too big, or your password will take forever to verify.

See Why does BCrypt.net GenerateSalt(31) return straight away? for something related. :-)

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文