我知道有关这个问题的问题很多,但我真的需要问这个问题。
今天我一直在使用md5加密密码。 / p>
所以我做了什么。
我有4种盐。 (它们根据用户值而变化)
然后我md5 salt1和3以及salt 2和salt4的密码
此后,我必须自动更改密码,只要用户更改电子邮件或更改其ID。
你们有什么想法?
解决方案没有任何东西
MD5坏了, p>
使用mailaddress作为salt是一个好主意。但是使用md5不是。使用bcrypt,scrypt或pbkdf2。
不要发明自己的ecryption,除非你真的知道你在做什么,相信我,你不会/ p>
I know that there are alots of questions about this subject but i really need to ask this.
Today I've been working on encrypting passwords with md5.
So what I've done is.
I got 4 salts. (they changes depending on user values)
Then i md5 salt1 and 3 and the password with salt 2 and salt4
After this I have to change the password automatically whenever a user changes his email or his id getting changed.
What do you guys think about this?
解决方案Nothing.
MD5 is broken and bad.
Using the mailaddress as salt is a good idea. But using md5 is not. Use instead bcrypt, scrypt or pbkdf2.
Don't invent your own ecryption, unless you really know what you are doing, and trust me, you don't
更多推荐
Md5盐密码php
发布评论