問題描述

我需要了解此功能的基礎知識.對于河豚算法，php.net 文檔指出:

I need to get the basics of this function. The php.net documentation states, for the blowfish algorithm, that:

Blowfish 用鹽散列如下:$2a$"，一個兩位數的成本參數，$"，以及來自字母表./0-9A-Za-z"的 22 個基數 64 位.在鹽中使用此范圍之外的字符將導致 crypt() 返回零長度字符串

Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base 64 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string

因此，根據定義，這不應該起作用:

So this, by definition, should not work:

echo crypt('rasmuslerdorf', '$2a$07$usesomadasdsadsadsadasdasdasdsadesillystringforsalt$');

然而，它吐出來了:

$2a$07$usesomadasdsadsadsadaeMTUHlZEItvtV00u0.kb7qhDlC0Kou9e

crypt() 似乎將鹽本身的長度減少到 22.有人可以解釋一下嗎?

Where it seems that crypt() has cut the salt itself to a length of 22. Could somebody please explain this?

這個功能的另一個我無法理解的方面是當他們使用 crypt() 來比較密碼時.http://php.net/manual/en/function.crypt.php(看看例子.#1).這是否意味著如果我使用相同的鹽來加密所有密碼，我必須先對其進行加密?即:

Another aspect of this function I can't get my head around is when they use crypt() to compare passwords. http://php.net/manual/en/function.crypt.php (look at ex. #1). Does this mean that if I use the same salt for all encrypting all my passwords, I have to crypt it first? ie:

$salt = "usesomadasdsadsadsadae";
$salt_crypt = crypt($salt);

if (crypt($user_input, $salt) == $password) {
   // FAIL WONT WORK
}

if (crypt($user_input, $salt_crypt) == $password) {
   // I HAVE TO DO THIS?
}    

感謝您的時間

推薦答案

以下代碼示例可能會回答您的問題.

Following code example may answer your questions.

要使用 Blowfish 生成散列密碼，您首先需要生成一個鹽，它以 $2a$ 開頭，然后是迭代計數和 22 個 Base64 字符串字符.

To generate hashed password using Blowfish, you first need to generate a salt, which starts with $2a$ followed by iteration count and 22 characters of Base64 string.

$salt = '$2a$07$usesomadasdsadsadsadasdasdasdsadesillystringfors';
$digest = crypt('rasmuslerdorf', $salt);

將整個 $digest 存儲在數據庫中，它包含鹽和摘要.

Store the whole $digest in database, it has both the salt and digest.

比較密碼時，就這樣做，

When comparing password, just do this,

  if (crypt($user_input, $digest) == $digest)

您將摘要作為鹽重用.crypt 從算法標識符中知道鹽的長度.

You are reusing the digest as salt. crypt knows how long is the salt from the algorithm identifier.

這篇關于用 PHP 中的 crypt() 比較密碼的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！