Problem description
The mcrypt-extension is deprecated and will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.
Right now I am using something like
mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)
I need your opinion on the best/strongest way to encrypt passwords. The encrypted password should of course be supported by PHP 7.xx and should also be decryptable, because my customers do want to have the option to 'recover' their passwords without generating a new one.
Recommended answer
It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.
If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:
- Use Libsodium - A PHP extension
- If you can't use Libsodium, use defuse/php-encryption - Straight PHP code
- If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]