問題:
Every now and then I hear the advice "Use bcrypt for storing passwords in PHP, bcrypt rules".我時不時地聽到“使用 bcrypt 在 PHP 中存儲密碼,bcrypt 規則”的建議。
But what is bcrypt
?但什麼是bcrypt
? PHP doesn't offer any such functions, Wikipedia babbles about a file-encryption utility and Web searches just reveal a few implementations of Blowfish in different languages. PHP 不提供任何這樣的功能,維基百科喋喋不休地談論一個文件加密實用程序,而網絡搜索只是揭示了一些不同語言的Blowfish實現。 Now Blowfish is also available in PHP via mcrypt
, but how does that help with storing passwords?現在 Blowfish 也可以通過mcrypt
在 PHP 中使用,但這對存儲密碼有什麼幫助? Blowfish is a general purpose cipher, it works two ways. Blowfish 是一種通用密碼,它有兩種工作方式。 If it could be encrypted, it can be decrypted.如果可以加密,則可以解密。 Passwords need a one-way hashing function.密碼需要一種單向散列函數。
What is the explanation?解釋是什麼?
解決方案:
參考一: https://stackoom.com/question/K7Uv參考二: How do you use bcrypt for hashing passwords in PHP?