可能重复: 为PHP密码保护哈希和盐
这是加密密码以存储在mysql数据库中的安全方法:
md5(sha1($password))谢谢。
Possible Duplicate: Secure hash and salt for PHP passwords
Is this a secure way to encrypt the passwords to store in a mysql database:
md5(sha1($password))Thanks.
最满意答案
你在这里做的是散列 ,而不是加密 。
散列的目的是不将密码本身存储在数据库中,这样如果数据库被盗,攻击者将无法获得所有用户密码的知识。
散列应该与散列哈希一起使用,否则对于已经获得数据库访问权限的攻击者来说,破解存储在那里的弱密码将相对容易。
此外,对相同的输入进行两次哈希处理(例如md5和sha1示例)并没有提供任何显着的好处。
What you are doing here is hashing, not encrypting.
Hashing has the purpose of not storing the password itself in the database, so that if the database is stolen the attacker will not gain knowledge of all user passwords.
Hashing should be used in conjunction with salting the hashes, because otherwise it will be relatively easy for an attacker who has gained access to the database to crack the weak passwords stored there.
Also, hashing the same input twice (as your example does with md5 and sha1) does not offer any significant benefit.
更多推荐
发布评论