本文介绍了什么是使用PHP的crypt的河豚盐的正确格式?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已阅读 PHP手动输入< 根据手册,' $ 2a $ '应该足以指示 crypt ()使用blowfish方法;那么,以下三个角色的意义是什么?那么,盐的正确格式,如果这三个字符如此重要?
我已阅读 PHP手动输入< 根据手册,' $ 2a $ '应该足以指示 crypt ()使用blowfish方法;那么,以下三个角色的意义是什么?那么,盐的正确格式,如果这三个字符如此重要?
c $ c> 2a 指定要执行的回合数的log2。例如,10意味着做1024轮。通常情况下,10是正常的。不要使用太大的数字,否则您的密码将永远被验证。
请参阅为什么相关。 : - ) I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm. According manual entry, I should use '$2$' or '$2a$' as the start of a 16 character string. However, in the example given later, they use a much longer string: '$2a$07$usesomesillystringforsalt$', which indicates to me that whatever string I provide will be sliced and diced to fit the model. The problem I am encountering is actually triggering the Blowfish algo vs STD_DES. Example: That hash is obviously not whirlpool, and is in fact STD_DES with only the first two characters of the salt being used for the salt. However, in the PHP Manual's example, their salt starts with '$2a$07$', so if I add those three characters to the same code I get the following: I've noticed I can provide some variance in the characters which are here shown as '07$', for example 04$ and 15$ both work, but 01$ through 03$ don't work (generates a blank string), and values such as 99$ and 85$ cause it to revert to STD_DES again. What is the significance of those three characters following the '$2a$' string which, as I am lead to believe by the manual, instruct the crypt function to use the blowfish method. According to the manual, '$2a$' should be enough to instruct crypt() to use the blowfish method; what, then, is the significance of the following three characters? What then, is the correct format for a salt, if these three characters are so significant? The number following the 2a specifies the log2 of the number of rounds to perform. For example, 10 means do 1024 rounds. Usually, 10 is normal. Don't use numbers that are too big, or your password will take forever to verify. See Why does BCrypt.net GenerateSalt(31) return straight away? for something related. :-) 这篇关于什么是使用PHP的crypt的河豚盐的正确格式?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $26HdMTpoODt6
$foo = 'foo';
$salt = '$2a$' . hash('whirlpool', $foo); // 128 characters, will be truncated
$hash = crypt($foo, $salt);
// $hash = $2a$07$b1b2ee48991281a439da2OHi1vZF8Z2zIA.8njYZKR.9iBehxLoIC
The Question:
解决方案