問題描述
我正在制作一個登錄系統,我想對密碼進行散列以使其更安全,但它每次都返回不同的散列,甚至無法使用 password_verify() 進行驗證,這是我的代碼:
I'm making a login system, and I want to hash the passwords to make them more secure, but it returns a different hash every time, and can't even be verified using password_verify(), here is my code:
$password = password_hash($password4, PASSWORD_DEFAULT);
這是我的驗證代碼:
if(password_verify($password4, $dbpassword))
推薦答案
所以讓我們一次一個部分
So let's take it one part at a time
但它每次都返回不同的哈希
but it returns a different hash every time
就是這個想法.password_hash 旨在每次生成隨機鹽.這意味著您必須單獨分解每個散列,而不是猜測用于所有內容的一種鹽并獲得巨大優勢.
That's the idea. password_hash is designed to generate a random salt every time. This means you have to break each hash individually instead of guessing one salt used for everything and having a huge leg up.
無需MD5 或進行任何其他散列.如果你想提高 password_hash 的安全性,你可以通過更高的成本(默認成本是 10)
There's no need to MD5 or do any other hashing. If you want to raise the security of password_hash you pass a higher cost (default cost is 10)
$password = password_hash($password4, PASSWORD_DEFAULT, ['cost' => 15]);
至于驗證
if(password_verify($password4, $dbpassword))
所以 $password4 應該是你未散列的密碼,$dbpassword 應該是你存儲在數據庫中的哈希
So $password4 should be your unhashed password and $dbpassword should be the hash you've stored in your database
這篇關于password_hash 每次返回不同的值的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!