PHP Blowfish 加密
我被要求将登录表单指向外部站点,其中登录名和密码应出现在 URL 中,并且密码应经过 Blowfish 加密。我获得了一个“密钥”,其格式为:“nnn-nnnssssssssssssssssssssssssnnnnnn”
其中n是数字,s是字母(共24个)。
从 PHP 文档看来,要使用 crypt() 触发 Blowfish 加密,需要提供一种特定格式的盐,以“$2a$”开头,但这不是我提供的密钥的格式。这是否意味着我需要提供自己的盐?如果是,我提供的密钥有何意义?
I've been asked to point a login form to an external site, where login and pass should be present in the URL and the pass should be Blowfish encrypted. I was provided a "key" which is in the format: "nnn-nnnssssssssssssssssssssssssnnnnnn"
where n is a number and s is a letter (24 of them).
From the PHP docs it seems that to trigger Blowfish encryption with crypt() one needs to provide a salt in a specific format, starting with "$2a$", but this is not the format of the key I was provided. Does this mean I need to provide a salt of my own? If yes, what is the point of the key I was provided?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
crypt 是一个哈希函数,它不用于加密。要真正加密你需要 mcrypt 或纯 php 实现的东西(我记得在 pear 中看到过一些东西)。
crypt is a hashing function, it's not for encryption. To actually encrypt something you need mcrypt or a pure php implementation (i remember to see something in pear).
尝试将其作为盐: $2a$nn$nnnnssssssssssssnnn$ (不起作用)
,您必须使用 mcrypt 或 PEAR 库:
那么它就不是散列 php.net/package/Crypt_Blowfish" rel="nofollow noreferrer">http://pear.php.net/package/Crypt_Blowfish
示例:
http://www.chilkatsoft.com/p/php_blowfish.asp
我没有看到 IV,因此模式必须是 ECB(弱)并且整个事情将是关键。
Try this as the salt: $2a$nn$nnnnsssssssssssnnn$ (didn't work)
It isn't a hash then and you'll have to use mcrypt or the PEAR library:
http://pear.php.net/package/Crypt_Blowfish
Example:
http://www.chilkatsoft.com/p/php_blowfish.asp
I don't see an IV so the mode will have to be ECB (weak) and the whole thing will be the key.