Laravel 5.2 默认的密码加密,怎么加点盐?
laravel 5.2 默认的密码加密,怎么加点盐?
顺便弱弱的问一下:盐是啥?
<code> protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}</code>回复内容:
laravel 5.2 默认的密码加密,怎么加点盐?
顺便弱弱的问一下:盐是啥?
<code> protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}</code>
bcrypt生成的密码hash中已经包含盐了
盐是用于防止从彩虹表中反查出密码的随机字符串
没有盐的情况: 用户密码是123456, 傻程序员就直接在数据库保存hash('123456'), 坏人拿到数据库后就可以直接从这个hash反查出密码
有盐的情况: 用户仍然用123456, 正常程序员在数据库保存hash('123456'+盐)和盐. 坏人拿到数据库后很难从这个hash还原出密码 (暴力破解仍然可能, 但是至少把低成本的彩虹表废掉了)
https://github.com/laravel/framework/blob/5.1/src/Illuminate/Hashing/BcryptHasher.php
查看这部分的源代码可得,
<code> // Laravel 的 bcrypt 就是 $hash = password_hash($value, PASSWORD_BCRYPT, ['cost' => 10]);</code>
因为 password_hash 使用的是 crypt 算法, 因此参与计算 hash值的:
算法(就像身份证开头能知道省份一样, 由盐值的格式决定), cost(默认10) 和 盐值 是在$hash中可以直接看出来的!
所以说, Laravel 中bcrypt的盐值是PHP自动随机生成的字符, 虽然同一个密码每次计算的hash不一样.
但是通过 $hash 和 密码, 却可以验证密码的正确性!
具体来说, 比如这个
<code>$hash = password_hash('password',PASSWORD_BCRYPT,['cost' => 10]);
echo $hash;
// 比如我这次算的是
// $hash = '$2y$10$DyAJOutGjURG9xyKgAaCtOm4K1yezvgNkxHf6PhuLYBCENk61bePm';</code>那么我们从这个 crypt的hash值中可以看到,
因为以$2y$开头, 所以它的算法是 CRYPT_BLOWFISH .
同时 CRYPT_BLOWFISH 算法盐值格式规定是 :
以$2y$开头 + 一个两位cost参数 + $ + 22位随机字符("./0-9A-Za-z")
$hash(CRYPT_BLOWFISH是固定60位) = 盐值 + 31位单向加密后的值
参见: https://secure.php.net/manual/en/function.crypt.php
验证密码
<code>if (password_verify('password', $hash)) {
echo '密码正确.';
} else {
echo '密码错误!';
}
// 原理是:
if ($hash === crypt('password', '$2y$10$DyAJOutGjURG9xyKgAaCtO')) {
echo '密码正确.';
} else {
echo '密码错误!';
}
</code>
如果自己写用户系统并且使用PHP5.5+或PHP7,可以考虑使用PHP自带的password_hash()和password_verify(),非常方便
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
Laravel Eloquent ORM in Bangla partial model search)
Apr 08, 2025 pm 02:06 PM
LaravelEloquent Model Retrieval: Easily obtaining database data EloquentORM provides a concise and easy-to-understand way to operate the database. This article will introduce various Eloquent model search techniques in detail to help you obtain data from the database efficiently. 1. Get all records. Use the all() method to get all records in the database table: useApp\Models\Post;$posts=Post::all(); This will return a collection. You can access data using foreach loop or other collection methods: foreach($postsas$post){echo$post->
The Future of PHP: Adaptations and Innovations
Apr 11, 2025 am 12:01 AM
The future of PHP will be achieved by adapting to new technology trends and introducing innovative features: 1) Adapting to cloud computing, containerization and microservice architectures, supporting Docker and Kubernetes; 2) introducing JIT compilers and enumeration types to improve performance and data processing efficiency; 3) Continuously optimize performance and promote best practices.
PHP vs. Python: Understanding the Differences
Apr 11, 2025 am 12:15 AM
PHP and Python each have their own advantages, and the choice should be based on project requirements. 1.PHP is suitable for web development, with simple syntax and high execution efficiency. 2. Python is suitable for data science and machine learning, with concise syntax and rich libraries.
PHP and Python: Comparing Two Popular Programming Languages
Apr 14, 2025 am 12:13 AM
PHP and Python each have their own advantages, and choose according to project requirements. 1.PHP is suitable for web development, especially for rapid development and maintenance of websites. 2. Python is suitable for data science, machine learning and artificial intelligence, with concise syntax and suitable for beginners.
PHP's Current Status: A Look at Web Development Trends
Apr 13, 2025 am 12:20 AM
PHP remains important in modern web development, especially in content management and e-commerce platforms. 1) PHP has a rich ecosystem and strong framework support, such as Laravel and Symfony. 2) Performance optimization can be achieved through OPcache and Nginx. 3) PHP8.0 introduces JIT compiler to improve performance. 4) Cloud-native applications are deployed through Docker and Kubernetes to improve flexibility and scalability.
Laravel's geospatial: Optimization of interactive maps and large amounts of data
Apr 08, 2025 pm 12:24 PM
Efficiently process 7 million records and create interactive maps with geospatial technology. This article explores how to efficiently process over 7 million records using Laravel and MySQL and convert them into interactive map visualizations. Initial challenge project requirements: Extract valuable insights using 7 million records in MySQL database. Many people first consider programming languages, but ignore the database itself: Can it meet the needs? Is data migration or structural adjustment required? Can MySQL withstand such a large data load? Preliminary analysis: Key filters and properties need to be identified. After analysis, it was found that only a few attributes were related to the solution. We verified the feasibility of the filter and set some restrictions to optimize the search. Map search based on city
Laravel and the Backend: Powering Web Application Logic
Apr 11, 2025 am 11:29 AM
How does Laravel play a role in backend logic? It simplifies and enhances backend development through routing systems, EloquentORM, authentication and authorization, event and listeners, and performance optimization. 1. The routing system allows the definition of URL structure and request processing logic. 2.EloquentORM simplifies database interaction. 3. The authentication and authorization system is convenient for user management. 4. The event and listener implement loosely coupled code structure. 5. Performance optimization improves application efficiency through caching and queueing.
PHP: The Foundation of Many Websites
Apr 13, 2025 am 12:07 AM
The reasons why PHP is the preferred technology stack for many websites include its ease of use, strong community support, and widespread use. 1) Easy to learn and use, suitable for beginners. 2) Have a huge developer community and rich resources. 3) Widely used in WordPress, Drupal and other platforms. 4) Integrate tightly with web servers to simplify development deployment.
