(PHP) 如何将 crypt() 与 CRYPT_BLOWFISH 一起使用？

发布于 2024-08-21 02:13:52 字数 862 浏览 6 评论 0原文

首先，我发现要使用 CRYPT_BLOWFISH，我需要使用以 $2a$ 开头的 16 字符盐。然而， php.net 的 crypt() 文档说某些系统不不支持 CRYPT_BLOWFISH。这种情况有多常见？

接下来，从文档上的示例中，我看到我使用 crypt() 如下：

<?php
$password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
   echo "Password verified!";
}
?>

为了使用 CRYPT_BLOWFISH，我唯一需要修改的是第一行以使其像这样；

crypt('mypassword', '$2a$07$usesomesillystringforsalt$')

然后其余的线就可以了？

原文

First, I see that to use CRYPT_BLOWFISH, i need to use a 16 char salt starting with $2a$. However, the php.net documentation for crypt() says that some systems don't support CRYPT_BLOWFISH. How often is that the case?

Next, from their example on the docs, I see I use crypt() as follows:

<?php
$password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
   echo "Password verified!";
}
?>

In order to use CRYPT_BLOWFISH, would the only thing I need to modify be the first line to make it like so;

crypt('mypassword', '$2a$07$usesomesillystringforsalt
and then the rest of the lines are fine as is?
)

and then the rest of the lines are fine as is?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

上课铃就是安魂曲 2024-08-28 02:13:52

对于 5.3.0 之前的 PHP，crypt() 使用操作系统提供的库。如果您使用的是早期版本，那么您需要检查操作系统文档以查看它是否受支持（检查 CRYPT_BLOWFISH 常量的值） - 如果不支持，则该算法是在 PHP 的 mcrypt() 扩展中实现的。

您从文档中引用的示例似乎没有多大意义：

  $stored_password=fetch_password($user);

  if (crypt($_REQUEST['password'],$stored_password)===$stored_password) {
      // note that crypt automatically extracts the salt and alogrithm type
      // from $stored_password
      ....

您只需要在创建密码时指定前缀（$2a$）。

HTH

For PHP before 5.3.0 crypt() used the lib supplied by the OS. If you are using an earlier version, then you'd need to check your OS documentation to see if it is supported (check the value of the CRYPT_BLOWFISH constant) - if not then the algorithm is implemented within the mcrypt() extension for PHP.

The example you've quoted from the docs doesn't seem to make much sense:

  $stored_password=fetch_password($user);

  if (crypt($_REQUEST['password'],$stored_password)===$stored_password) {
      // note that crypt automatically extracts the salt and alogrithm type
      // from $stored_password
      ....

You only need to specify the prefix ($2a$) when creating the password.

HTH

回复收藏 0 原文

~没有更多了~