本文介绍了如何使用Bcrypt存储用户密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在设计一个php网站,我用sha1为用户存储密码,但后来我读了是不安全的,它更好地使用Bcrypt,现在我试图找到关于Bcrypt的信息,但是这些问题 - 太复杂了,我不明白他们解释了什么。

 <?php $ pass = sha1($ _ POST [password]); ?> 

但可能是:

 <?php $ pass = bcrypt($ _ POST [password]); ?> 

或者哪一个比两者好。如果您使用的PHP版本是5.5+,那么您可以使用password_hash()和password_verify(); / b>

示例:

  $ hash = password_hash(mypassword,PASSWORD_BCRYPT ); 

并验证:

  if(password_verify('mypassword',$ hash)){
echo'Password is valid!';
} else {
echo'密码无效。';



$ b

这是目前PHP中最好且最安全的方法,在方法里面。


I am designing a php website, and I used sha1 to store password for the users, but I later read that sha1 is unsafe, Its better i use Bcrypt, now I try to find about Bcrypt but these questions - How do you use bcrypt for hashing.. and Is Bcrypt used for Hashing is too complex, I dont understand what they explain.

<?php $pass = sha1($_POST["password"]); ?>

but could it be:

<?php $pass = bcrypt($_POST["password"]); ?>

or which is better than both. Thanks

解决方案

If you are using PHP version 5.5+, you may use the method password_hash(), and password_verify();

EXAMPLE:

$hash = password_hash("mypassword", PASSWORD_BCRYPT);

and to verify:

if (password_verify('mypassword', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

This is the best and most secured in PHP today since the salt is built-in inside the method.

这篇关于如何使用Bcrypt存储用户密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-16 12:20