问题描述

嗨
我正在尝试安全地存储用户的密码，我知道如果我搞砸了它的大问题。我是密码学的新手，我听说使用PHpass和Blowfish Crypt是最好的？我将如何开始使用它（以及服务器设置（我目前正在使用EasyPHP for dev））？



此外，这是一个大问题，来自我明白盐是随机的。如果是这样，我如何获得盐以确保用户的密码是正确的？



此外，文档声明数据库设置必须保存在配置文件。这样做有什么好处？



对于新问题我很抱歉，但我担心我会误解文档或谷歌并造成巨大的安全漏洞。



提前致谢



雅克



PS这是我正在开发的一个开源项目，所以假设攻击者也可以获得源代码。

HiI am trying to store users' passwords securely and I know if I mess up its a big deal.I am new to Cryptography and I heard that using PHpass with Blowfish Crypt is the best? How would I start using it (as well as server setup(I'm currently using EasyPHP for dev))?

Also, and this is the big question, from the docs I understand that the salt is random. If so, how would I get the salt to make sure that the users' password is correct?

Also, the docs state that the database settings must be kept in a config file. What are the benefits of doing this?

Sorry for the newb questions but I am worried that I misunderstand the docs or Google and create a huge security gap.

Thanks in advance

Jacques

P.S. This is an open source project I am working on, so assume the attackers can get the source as well.

推荐答案

这篇关于如何开始使用PHpass？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！