In PHP we frequently need to authenticate users. This article discusses how passwords are handled, that is, how passwords are encrypted (more precisely, hashed) before storage.
MD5
I believe that for many PHP developers, when they first started with PHP, the go-to function for hashing passwords was MD5. That is certainly what I did at the time:
$password = md5($_POST["password"]);
Does the code above look familiar? However, MD5 is no longer considered a safe way to hash passwords: its algorithm is simply too cheap, and many password-cracking sites have stored huge numbers of strings already hashed with MD5, so I strongly advise against still using plain MD5 on its own to hash users' passwords.
SHA256 and SHA512
Contemporary with MD5 there was also the SHA1 hash, but its algorithm is likewise relatively simple, so it is not covered here. SHA256 and SHA512, discussed next, both come from the SHA-2 family of hash functions; as the names suggest, these two produce hash strings of 256 and 512 bits respectively.
They are used as follows:
$password = hash("sha256", $password);
PHP has the built-in hash() function; you only need to pass the algorithm name to hash(). You can name sha256, sha512, md5, sha1 and other algorithms directly.
Salt
There is one more very common ingredient in the hashing process: the salt. When hashing, we append an extra string to the string being hashed in order to raise the level of security somewhat, and the salt must be recorded so that it can be used in later comparisons:
function generateHashWithSalt($password) {
    // Derive a random string and keep its first 6 characters as the salt
    $intermediateSalt = md5(uniqid(rand(), true));
    $salt = substr($intermediateSalt, 0, 6);
    // The salt is appended before hashing and must be stored next to the hash,
    // otherwise the password cannot be verified later
    return ['hash' => hash("sha256", $password . $salt), 'salt' => $salt];
}
Bcrypt
Bcrypt is quite a decent hashing scheme, but the Password Hashing API introduced below is better.
function generateHash($password) {
    if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
        // "$2y$" selects bcrypt, "11" is the cost, then 22 salt characters
        $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
        return crypt($password, $salt);
    }
    // Blowfish is unavailable: report failure instead of silently returning null
    return false;
}
Bcrypt is in fact the combination of Blowfish and the crypt() function. Here we use CRYPT_BLOWFISH to check whether Blowfish is available, then generate a salt as above. Note that the salt passed to crypt() must begin with $2a$ or $2y$.
Password Hashing API
Now we come to the main event. The Password Hashing API is a new feature available only since PHP 5.5, and it mainly provides the following functions for us to use:
password_hash() // hash a password.
password_verify() // verify a password against an existing hash, checking whether the hash string matches.
password_needs_rehash() // check whether a password needs to be rehashed.
password_get_info() // return the name of the hashing algorithm and some related information.
This API is not only simple but also more secure, and it is the hashing method officially recommended by PHP.
$hash = password_hash($password, PASSWORD_DEFAULT);
PASSWORD_DEFAULT currently uses the Bcrypt algorithm. Note that if your code always uses PASSWORD_DEFAULT, the password column in your database table must be set to more than 60 characters in length; you can also use the PASSWORD_BCRYPT algorithm, whose hashed output is always exactly 60 characters long.
With password_hash() you do not have to supply a salt or a cost at all. The cost can be understood as a performance cost: the larger the cost, the more complex the hashing is and the more memory it consumes. If you do need to specify your own salt and cost, you can write:
$options = [
    'salt' => custom_function_for_salt(), // custom function that returns the salt
                                          // (the 'salt' option is deprecated since PHP 7.0 and removed in PHP 8.0)
    'cost' => 12 // the default cost is 10
];
$hash = password_hash($password, PASSWORD_DEFAULT, $options);
In general, though, it is enough to customize the cost and let the salt use the default.
Once the password is hashed, verifying it is simple:
<?php
if (password_verify($password, $hash)) {
// Pass
}
else {
// Invalid
}
Calling password_verify directly lets us verify a password against the string we hashed earlier (stored in the database).
If you want to change the hashing method, you must rehash with the following code:
if (password_needs_rehash($hash, PASSWORD_DEFAULT, ['cost' => 12])) {
    // the cost changes to 12
    $hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
    // then save the new hash value again
}
Only in this way will PHP's Password Hashing API know that we have switched the hashing method, so that later password verification can still succeed.
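As an added example (not from the original article), here is a login check that ties these functions together: it verifies the stored hash with password_verify(), rehashes when password_needs_rehash() reports that the stored hash no longer matches the target algorithm or cost, and upgrades the legacy unsalted-MD5 rows from the start of the article on the user's next successful login. The $users array, isLegacyMd5() and login() are assumed names standing in for a database table and its access code; it assumes PHP 7 or later.

```php
<?php
// Added example (not from the original article). $users stands in for a
// database table; isLegacyMd5() and login() are assumed helper names.
// Assumes PHP 7+ (scalar type hints and ??). The password column is assumed
// wide enough (e.g. 255 chars) to hold any future PASSWORD_DEFAULT output.

const TARGET_ALGO    = PASSWORD_DEFAULT;
const TARGET_OPTIONS = ['cost' => 12];

// Constructed sample rows: one legacy unsalted MD5 hash, one current hash.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => password_hash('battery staple', TARGET_ALGO, TARGET_OPTIONS),
];

// A bare 32-hex-char string is the old md5() format; API hashes start with "$".
function isLegacyMd5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? '';

    if (isLegacyMd5($stored)) {
        // Legacy row: constant-time compare, then upgrade to bcrypt on success.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $users[$name] = password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Current row: rehash only if algorithm or cost differs from the target.
    if (password_needs_rehash($stored, TARGET_ALGO, TARGET_OPTIONS)) {
        $users[$name] = password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
    }
    return true;
}

// Demo: wrong password is rejected; right one is accepted and the row upgraded.
login($users, 'alice', 'wrong');
login($users, 'alice', 'correct horse');
echo password_get_info($users['alice'])['algoName'], "\n";
```

After the second login() call, alice's row holds a bcrypt hash at cost 12 and the legacy MD5 value is gone; raising TARGET_OPTIONS later makes password_needs_rehash() trigger the same upgrade for every user at their next login.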
password_get_info() generally shows the following three pieces of information:
1. algo – the algorithm identifier
2. algoName – the algorithm name
3. options – the optional parameters used when hashing
That is all for this article. I hope it helps with your learning, and I hope you will keep supporting 脚本之家.