PHP md5 和 sha1 混淆 - 为什么我得到不同的加密结果?

发布于 2024-12-16 02:19:52 字数 473 浏览 1 评论 0原文

我在处理注册表单时使用的 php 页面中有一个名为 encrypt_password 的 php 函数:

function encrypt_password($password){

    $salt  = sha1(md5($password));
    $password = md5($password.$salt);

    return $password;
}

我尝试在处理登录表单时再次使用它,但得到了不同的结果。

我只需不调用此函数,而是

$salt  = sha1(md5($password));
$password = md5($password.$salt);

直接在 process_login 页面上调用:即可获得正确的结果。为什么调用 encrypt_password 会得到不同的结果?

我希望我已经解释得足够清楚了! 谢谢!

I have a php function in a php page called encrypt_password that I use when processing a registration form:

function encrypt_password($password){

    $salt  = sha1(md5($password));
    $password = md5($password.$salt);

    return $password;
}

I try to use it again for when I process the login form but I get a different result.

I get the correct result just by not calling this function and instead just calling:

$salt  = sha1(md5($password));
$password = md5($password.$salt);

directly on my process_login page. Why would I get a different result by calling encrypt_password?

I hope I have explained this clearly enough!
Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

暮年 2024-12-23 02:19:52

我简直不敢相信这是真的。您说您有两个页面,一个带有注册表单,另一个带有登录表单。

他们都必须对用户发布的密码进行加密。

这里可能存在很多问题,具体取决于您如何发现它们不匹配。您是否只是尝试登录并看到密码错误的错误消息?或者您在调用 encrypt_password 后是否回显了密码哈希?如果能够从注册页面和登录页面向我们显示密码“test”的哈希值,那就太好了。也许有人已经看到了一种模式。

不管怎样,让我猜一下:

  1. 你输入的密码不正确。
  2. 您已经使用旧版本的加密函数创建了正在测试的用户。也许你只使用了md5(password)来注册,然后你读到了不安全的地方并添加了盐。现在,您正在比较同一密码的两个不同哈希值,因为密码是使用旧哈希函数存储在数据库中的。
  3. 我猜你用 $password = $_POST['password']; 设置了 $password 。我想在两页上也是如此。两页上的这些陈述都没有错别字吗?那里没有 $password = $_POST['password']; 吗?两个 元素都命名为“password”吗?
  4. $encrypt_password 函数中也会出现拼写错误。您是在两个页面上都定义它,还是从另一个文件中包含它? (你应该!)如果它们存在于两个文件中,它们是否逐个字母匹配?复制粘贴它来测试它,如果它有效,谢谢我,然后将其放入包含中,并让它成为一个教训。

I simply cannot believe this to be true. You say you have two pages, one with a registration form and one with a login form.

They both have to encrypt the password the user has posted.

There can be a number of things wrong here, depending on how you find they don't match. Do you just try to login and see an error that your password is wrong? Or did you echo the password hash after a call to encrypt_password? It would be nice to have done that to shown us a hash of the password 'test', from both the registration page and the login page. Perhaps someone could've seen a pattern.

Anyway, let me guess:

  1. You enter the password incorrectly.
  2. You have created this user you're testing it with, with an older version of your encryption function. Perhaps you only used md5(password) to register, then you read somewhere that was unsafe and added a salt. Now you're comparing two different hashes for the same password, since the password is stored in the database using the old hashing function.
  3. You set $password with $password = $_POST['password']; I guess. On both pages, I guess too. Are those statements on both pages typo-free? No $password = $_POST['pasword']; there? And are both <input> elements named "password"?
  4. Typos also go for the $encrypt_password function. Do you define it on both pages, or do you include it from another file? (You should!) If they exist in both files, do they match letter by letter? Copypaste it to test this, and if it works, thank me and put it in an include afterwards, and let it be a lesson.
愛放△進行李 2024-12-23 02:19:52

我遇到了同样的问题。
检查数据库中密码字段的长度,散列后的值增加了您在数据库中指定的限制

i faced the same problem .
check the length of password field in db the value after hashed is increased the limit you specified in the db

成熟的代价 2024-12-23 02:19:52

是的,我检查了代码,没有错误。这是我的代码,没有任何缺陷:

 function encrypt_password($password){
        $salt  = sha1(md5($password));
        $password = md5($password.$salt);
        return $password;
}

$myPassword = "test";
echo encrypt_password($myPassword );
// this gives me 34364c859afb02e70306c905374ac2d5

$salt  = sha1(md5($myPassword));
$password = md5($myPassword.$salt);
echo "<br />";

echo $password;
//this gives me 34364c859afb02e70306c905374ac2d5

所以,它们是相同的。和 Dimme 一样,我对变量名也有同样的看法。但我无法复制这个。对不起...

Yep, I checked the code and theres is no error. This is my code without any flaws:

 function encrypt_password($password){
        $salt  = sha1(md5($password));
        $password = md5($password.$salt);
        return $password;
}

$myPassword = "test";
echo encrypt_password($myPassword );
// this gives me 34364c859afb02e70306c905374ac2d5

$salt  = sha1(md5($myPassword));
$password = md5($myPassword.$salt);
echo "<br />";

echo $password;
//this gives me 34364c859afb02e70306c905374ac2d5

So, they are the same. Like Dimme, I thought the same about variable names. But I could not replicate this. Sorry...

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文