问题描述
我用来制造盐md5(rand(0,10000000)); (可能有更好的方法吗?)
I've created a salt using; md5(rand(0,10000000)); (there is probably a better way?)
在MYSQL中似乎不可能使文本字段唯一.那么如何检查盐是否已被以前的用户使用过?
There doesn't seem to be possible to make a text field unique in MYSQL. So how do I check if the salt has already been used for a previous user?
还是应该根据当前日期/时间生成盐?因为两个用户不可能在同一时间正确注册?
Or should I generate the salt based on the current date/time? as it is impossible for 2 users to register at exactly the same time correct?
推荐答案
对于盐而言,唯一性比长度和可预测性更重要.您认为攻击者已经吃了盐.
For a salt, uniqueness is more important than length and predictability. You assume the attacker has the salt.
最好使用通用唯一标识符(UUID),并且有一些示例可以在php的文档页面上生成php uniqueid()函数.与随机字符串相比,UUID具有可读性和固定长度的优点,因此您可以将其存储在varchar字段中,并使用唯一索引来确保不会重复.
A universally unique identifier (UUID) would be best, and there are examples that generate universally unique identifiers on the doc page for the php uniqueid() function. A UUID has the advantage over a random string in that it's human readable and a fixed length, therefore you can store it in a varchar field and use a unique index to ensure there aren't ever duplicates.
使用MD5散列时间是生成唯一值的常用方法,因为它具有固定的长度并且易于阅读.但是,仅生成固定长度的随机字符串并自己将其编码为十六进制,这更有意义.哈希并不是为唯一性而设计的,而是因为它们被设计为不可逆的.使用散列函数可确保发生冲突,尽管SHA1的冲突少于MD5.
Hashing the time with MD5 is a common method to generate unique values because it has a fixed length and is human readable. However, it makes more sense just to generate a fixed length random string and encode it into hex yourself. Hashes aren't designed for uniqueness so much as they're designed not to be reversible. Using a hashing function guarantees collisions, though there will be less collisions with SHA1 than MD5.
盐的长度实际上只是一个因素,因为盐越长,它在全球范围内唯一的可能性就越大.
The length of the salt is really only a factor because the longer the salt, the more likely it is to be universally unique.
这篇关于MySQL和php中的唯一文本字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!