php: Bcrypt vs Hash in Laravel

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow original URL: http://stackoverflow.com/questions/28899905/

Time: 2020-08-26 00:07:59  Source: igfitidea

Bcrypt vs Hash in laravel

Tags: php, laravel, hash, bcrypt

Asked by Dees Oomens

I want to create a function or something like a Cron that executes a link (in Laravel), with something like a password. I've got two solutions. But which one is better to use:

Option 1 (hash):

<?php

// Page 1

$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);

// <-- Insert go to page and send GET with $key code here

// Page 2

$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);

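// $pageOneKey is the key page 1 sent via GET; hash_equals() avoids
// loose (==) comparison of digest strings
if (hash_equals($key, $pageOneKey)) {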
    // Execute some code
}

Option 2 (bcrypt):

<?php

// Page 1

$key = Crypt::encrypt(date('Y-m-d'));

// <-- Insert go to page and send GET with $key code here

// Page 2

$key = date('Y-m-d');
// $receivedKey (hypothetical name) is the encrypted value page 1 sent via GET
$pageOneKey = Crypt::decrypt($receivedKey);

if ($key == $pageOneKey) {
    // Execute some code
}

This code has been described broadly. With better to use I mean safer / more secure, or something in that trance. Thanks!

Answered by lukasgeiter

Your second option isn't bcrypt. Laravel's Crypt class uses AES encryption.
As stated in the documentation:

Laravel provides facilities for strong AES encryption via the Mcrypt PHP extension.

As far as I can tell you don't need to be able to decrypt the data, to reverse the encryption. Therefore you should definitely use a hashing algorithm like sha256 in your first option. However Laravel ships with a pretty good hashing class already so why not use that.

Option 3 (Laravel Hash, Bcrypt)

$hash = Hash::make('secret');

$input = 'secret';
if(Hash::check($input, $hash)){
    // the input matches the secret
}

Note that you have to use Hash::check() for comparing. You can't just create another hash with Hash::make() and compare them. The generated hash contains a random component, so even if it's the same secret, Hash::make() will produce a different hash every time.

Hashing - Laravel docs
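
The point above about Hash::make() and Hash::check(), as an added example that is not part of the original answer: it uses PHP's own password_hash() / password_verify(), which Laravel's bcrypt Hash driver wraps, so it runs without Laravel. The helper name bcrypt_parts, the sample secret and the cost of 10 are assumptions made for the illustration.

```php
<?php
// Added example, not code from the answer. Plain PHP, no Laravel required.
// Laravel's bcrypt Hash driver wraps password_hash() / password_verify(),
// which are used directly here so the script runs stand-alone.

// Hypothetical helper: split a 60-character bcrypt string into its stored parts.
function bcrypt_parts(string $hash): array
{
    if (!preg_match('/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/', $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

$secret = 'secret'; // constructed sample value

// Plain SHA-256 is deterministic: recomputing and comparing works.
$d1 = hash('sha256', $secret);
$d2 = hash('sha256', $secret);
echo 'sha256 digests equal:      ', var_export(hash_equals($d1, $d2), true), PHP_EOL;

// bcrypt embeds a fresh random salt, so two hashes of one secret differ.
$h1 = password_hash($secret, PASSWORD_BCRYPT, ['cost' => 10]);
$h2 = password_hash($secret, PASSWORD_BCRYPT, ['cost' => 10]);
echo 'bcrypt hashes equal:       ', var_export(hash_equals($h1, $h2), true), PHP_EOL;

$p1 = bcrypt_parts($h1);
$p2 = bcrypt_parts($h2);
echo 'salt 1: ', $p1['salt'], PHP_EOL;
echo 'salt 2: ', $p2['salt'], PHP_EOL;

// Verification reads cost and salt from the stored hash and recomputes,
// which is why a check function is needed instead of hashing again.
echo 'verify correct secret:     ', var_export(password_verify($secret, $h1), true), PHP_EOL;
echo 'verify against other hash: ', var_export(password_verify($secret, $h2), true), PHP_EOL;
echo 'verify wrong secret:       ', var_export(password_verify('wrong', $h1), true), PHP_EOL;

// Recomputing with the salt taken from $h1 reproduces $h1 exactly.
// crypt() accepts the "$2y$10$<salt>" prefix as its salt argument.
$prefix = sprintf('$%s$%02d$%s', $p1['version'], $p1['cost'], $p1['salt']);
echo 'recomputed with same salt: ', var_export(hash_equals($h1, crypt($secret, $prefix)), true), PHP_EOL;
```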

Answered by user1669496

If you never need to decrypt the key for further use, the first option is better.

If you need to get the key back after it's been encrypted, the second option will be better.
