嗨我正在尝试安全地存储用户的密码,我知道如果我搞砸了它的大问题。我是密码学的新手,我听说使用PHpass和Blowfish Crypt是最好的?我将如何开始使用它(以及服务器设置(我目前正在使用EasyPHP for dev))? 此外,这是一个大问题,来自我明白盐是随机的。如果是这样,我如何获得盐以确保用户的密码是正确的? 此外,文档声明数据库设置必须保存在配置文件。这样做有什么好处? 对于新问题我很抱歉,但我担心我会误解文档或谷歌并造成巨大的安全漏洞。 提前致谢 雅克 PS这是我正在开发的一个开源项目,所以假设攻击者也可以获得源代码。
Hi I am trying to store users' passwords securely and I know if I mess up its a big deal.I am new to Cryptography and I heard that using PHpass with Blowfish Crypt is the best? How would I start using it (as well as server setup(I'm currently using EasyPHP for dev))? Also, and this is the big question, from the docs I understand that the salt is random. If so, how would I get the salt to make sure that the users' password is correct? Also, the docs state that the database settings must be kept in a config file. What are the benefits of doing this? Sorry for the newb questions but I am worried that I misunderstand the docs or Google and create a huge security gap. Thanks in advance Jacques P.S. This is an open source project I am working on, so assume the attackers can get the source as well.
推荐答案
更多推荐
如何开始使用PHpass?
发布评论