問題描述

我已閱讀 PHP 手冊條目 crypt() 中提供的信息，但我發現自己仍然不確定觸發 Blowfish 算法的鹽的格式.

根據手動輸入，我應該使用 '$2$' 或 '$2a$' 作為 16 個字符的字符串的開始.然而，在后面給出的例子中，他們使用了一個更長的字符串:'$2a$07$usesomesillystringforsalt$'，這向我表明我提供的任何字符串都將被切片和切塊以適應模型.

我遇到的問題實際上是觸發 Blowfish 算法 vs STD_DES.示例:

$foo = 'foo';$salt = '$2a$' .hash('漩渦', $foo);//128 個字符，將被截斷$hash = crypt($foo, $salt);//$hash = $26HdMTpoODt6

那個散列顯然不是漩渦，實際上是STD_DES，只有鹽的前兩個字符用于鹽.但是，在 PHP 手冊的示例中，它們的 salt 以$2a$07$"開頭，因此如果我將這三個字符添加到同一代碼中，則會得到以下結果:

$foo = 'foo';$salt = '$2a$' .hash('漩渦', $foo);//128 個字符，將被截斷$hash = crypt($foo, $salt);//$hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC

我注意到我可以在此處顯示為07$"的字符中提供一些差異，例如 04$ 和 15$ 都有效，但 01$ 到 03$ 不起作用(生成一個空白字符串)，以及諸如 99$ 之類的值和 85$ 導致它再次恢復為 STD_DES.

問題:

'$2a$' 字符串后面的這三個字符的意義是什么，正如我在手冊中所相信的那樣，指示 crypt 函數使用河豚方法.

根據手冊，'$2a$'應該足以指示crypt()使用blowfish方法；那么，以下三個字符的意義是什么?那么，如果這三個字符如此重要，那么鹽的正確格式是什么?

2a 后面的數字指定了要執行的輪數的 log2.例如，10 表示做 1024 輪.通常，10 是正常的.不要使用太大的數字，否則您的密碼將需要很長時間才能驗證.

參見 為什么 BCrypt.net GenerateSalt(31) 立即返回? 相關的東西.:-)

I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm.

According manual entry, I should use '$2$' or '$2a$' as the start of a 16 character string. However, in the example given later, they use a much longer string: '$2a$07$usesomesillystringforsalt$', which indicates to me that whatever string I provide will be sliced and diced to fit the model.

The problem I am encountering is actually triggering the Blowfish algo vs STD_DES. Example:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $26HdMTpoODt6

That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following:

$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt); 
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC

I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again.

The Question:

What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method.

According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant?

The number following the 2a specifies the log2 of the number of rounds to perform. For example, 10 means do 1024 rounds. Usually, 10 is normal. Don't use numbers that are too big, or your password will take forever to verify.

See Why does BCrypt.net GenerateSalt(31) return straight away? for something related. :-)

這篇關于使用 PHP 的 crypt 的河豚鹽的正確格式是什么?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！