上述变量包含一个名为test.I的密码我想使用sha512 md5和盐哈希这个密码我如何做到这一点只发现盐和sha512的好处,我已经知道md5加密。我需要解决方案,因为我的系统是可耻的
请用代码示例解释,因为im仍然附加到md5
$ pass =test; $ hashed_pass = openssl_digest($ pass,'sha512');ok似乎足够坚固,但是什么是[salt ='']? 是否产生一个随机的盐串或什么如果是这样实现它?
解决方案编辑:由于这个答案似乎还是引起了一些兴趣,所以让我引导你们走向 password_hash() ,这本质上是围绕 crypt()的包装使用起来更简单如果您使用PHP< 5.5,那么 password_compat 是由同一个人写的,实际上是链接关闭官方文档。
如果您已经使用 crypt(),值得注意的是 password_verify() 和 password_needs_rehash() 将使用所有 crypt() - 密码,所以几乎没有原因不更新!
使用 crypt() ,它提供了更强大的哈希方法。
填写新密码:
//生成一个16个字符的盐string $ salt = substr(str_replace('+','。',base64_encode(md5(mt_rand(),true))),0,16); //字串将被多少次 $ rounds = 10000; //传入密码,轮数和盐 // $ 5 $指定SHA256-CRYPT,如果您真的想要SHA512 echo crypt('password123'),则使用$ 6 $ ,sprintf('$ 5 $ rounds =%d $%s $',$ rounds,$ salt)); //输出:$ 5 $ rounds = 10000 $ 3ES3C7XZpT7WQIuC $ BEKSvZv。/ Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8比较现有密码:
//为用户存储的哈希 $ given_hash ='$ 5 $ rounds = 10000 $ 3 ES3C7XZpT7WQIuC $ BEKSvZv / Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8' 。 $ test_pw ='password123'; //从存储的哈希 //中提取哈希方法,回合数和盐,并相应地哈希密码字符串 $ parts = explode('$' $ given_hash); $ test_hash = crypt($ test_pw,sprintf('$%s $%s $%s $',$ parts [1],$ parts [2],$ parts [3])); //比较 echo $ given_hash。 \\\。 $ test_hash。 \\\。 var_export($ given_hash === $ test_hash,true); / *输出: $ 5 $ rounds = 10000 $ 3ES3C7XZpT7WQIuC $ BEKSvZv。/ Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8 $ 5 $ rounds = 10000 $ 3ES3C7XZpT7WQIuC $ BEKSvZv。/ Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8 true * /$pass="test"
the above variable contains a password called test.I want to hash this password using sha512 md5 and salt how do i do that as ive found only benifits of salt and sha512,i allready know md5 encryption.please i need the solution as my system is vunerable
and please explain it with a code example because im still attached to md5
from what ive understood by your comments and answers ive got the following code
$pass="test"; $hashed_pass= openssl_digest($pass, 'sha512');ok seems solid enough but what is [salt='']? does it generate a random salt string or something if so the how to implement it?
解决方案Edit: Since this answer still seems to be generating a bit of interest, let me steer you all towards password_hash() which is essentially a wrapper around crypt() but much simpler to use. If you're using PHP<5.5 there is password_compat which was written by the same guy and is actually linked off of the official documentation.
If you're already using crypt() it's worth noting that both password_verify() and password_needs_rehash() will work with all crypt()-style passwords, so there's hardly a reason not to update!
Use crypt(), it provides MUCH stronger hashing methods.
Hash a new password:
// generate a 16-character salt string $salt = substr(str_replace('+','.',base64_encode(md5(mt_rand(), true))),0,16); // how many times the string will be hashed $rounds = 10000; // pass in the password, the number of rounds, and the salt // $5$ specifies SHA256-CRYPT, use $6$ if you really want SHA512 echo crypt('password123', sprintf('$5$rounds=%d$%s$', $rounds, $salt)); // output: $5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8Compare an existing password:
// the hash stored for the user $given_hash = '$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8'; $test_pw = 'password123'; // extract the hashing method, number of rounds, and salt from the stored hash // and hash the password string accordingly $parts = explode('$', $given_hash); $test_hash = crypt($test_pw, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3])); // compare echo $given_hash . "\n" . $test_hash . "\n" . var_export($given_hash === $test_hash, true); /* output: $5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8 $5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8 true */
更多推荐
如何实现sha 512,md5和salt加密全为一个密码
发布评论