php 如何为一个密码实现 sha 512、md5 和 salt 加密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21711890/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to implement sha 512,md5 and salt encryption all for one password
提问by Immortal Dude
$pass="test"
the above variable contains a password called test.I want to hash this password using sha512 md5 and salt how do i do that as ive found only benifits of salt and sha512,i allready know md5 encryption.please i need the solution as my system is vunerable
上面的变量包含一个名为 test 的密码。我想使用 sha512 md5 和 salt 对这个密码进行哈希处理,我该怎么做,因为我发现只有 salt 和 sha512 的好处,我已经知道 md5 加密了。请我需要解决方案,因为我的系统是可怜的
and please explain it with a code example because im still attached to md5
请用代码示例解释它,因为我仍然附加到 md5
from what ive understood by your comments and answers ive got the following code
根据我对您的评论和回答的理解,我得到了以下代码
$pass="test";
$hashed_pass= openssl_digest($pass, 'sha512');
ok seems solid enough but what is [salt='']? does it generate a random salt string or something if so the how to implement it?
好的似乎足够坚固,但什么是 [salt='']?它是否会生成随机盐字符串或其他东西,如果是这样,如何实现它?
回答by Sammitch
Edit:Since this answer still seems to be generating a bit of interest, let me steer you all towards password_hash()which is essentially a wrapper around crypt()but much simpler to use. If you're using PHP<5.5 there is password_compatwhich was written by the same guy and is actually linked off of the official documentation.
编辑:由于这个答案似乎仍然引起了一些兴趣,让我引导大家走向password_hash()本质上是一个包装crypt()但使用起来更简单的方法。如果您使用的是 PHP<5.5,那么password_compat是由同一个人编写的,实际上与官方文档相关联。
If you're already using crypt()it's worth noting that both password_verify()and password_needs_rehash()will workwith all crypt()-style passwords, so there's hardly a reason notto update!
如果你已经在使用crypt()它的值得注意的是,这两个password_verify()和将工作与所有风格的密码,所以几乎没有理由不来更新!password_needs_rehash()crypt()
Use crypt(), it provides MUCH stronger hashing methods.
使用crypt(),它提供了更强大的散列方法。
Hash a new password:
散列一个新密码:
// generate a 16-character salt string
$salt = substr(str_replace('+','.',base64_encode(md5(mt_rand(), true))),0,16);
// how many times the string will be hashed
$rounds = 10000;
// pass in the password, the number of rounds, and the salt
// $ specifies SHA256-CRYPT, use $ if you really want SHA512
echo crypt('password123', sprintf('$rounds=%d$%s$', $rounds, $salt));
// output: $rounds=10000ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
Compare an existing password:
比较现有密码:
// the hash stored for the user
$given_hash = '$rounds=10000ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8';
$test_pw = 'password123';
// extract the hashing method, number of rounds, and salt from the stored hash
// and hash the password string accordingly
$parts = explode('$', $given_hash);
$test_hash = crypt($test_pw, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));
// compare
echo $given_hash . "\n" . $test_hash . "\n" . var_export($given_hash === $test_hash, true);
/* output:
$rounds=10000ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
$rounds=10000ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
true */
回答by ZiupeX
If you are using PHP >= 5.3, the function openssl_digest should do the trick :
如果您使用的是 PHP >= 5.3,则函数 openssl_digest 应该可以解决问题:
echo openssl_digest($pass, 'sha512');
// result
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
echo md5($pass);
// result
098f6bcd4621d373cade4e832627b4f6
And with PHP 5.1 or 5.2, you have the hash function :
在 PHP 5.1 或 5.2 中,您拥有散列函数:
echo hash('sha512', $pass);
// result
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
echo md5($pass);
098f6bcd4621d373cade4e832627b4f6
