密码散列安全,密码散
密码散列安全,密码散
hash,一般翻译做“散列”,也有直接音译为“哈希”的,就是把任意长度的输入(又叫做预映射),通过散列算法,变换成固定长度的输出,该输出就是散列值。
通过对密码进行散列处理,然后再保存到数据库中,这样就使得攻击者无法直接获取原始密码,同时还可以保证你的应用可以对原始密码进行相同的散列处理,然后比对散列结果。
但是,密码散列只能保护密码不会被从数据库中直接窃取,无法保证注入到应用中的恶意代码拦截到原始密码。
MD5、sha1,、sha256这样的散列算法是面向快速、高效进行散列处理而设计的。现代化计算机可以快速的“反转”上述散列算法的散列值,不建议在密码散列中使用这些算法。
当进行密码散列处理的时候,有两个必须考虑的因素:计算量以及“盐”。散列算法的计算量越大,暴力破解所需的时间就越长。
php5.5提供一个原生密码散列API ,它提供一种安全的方式来完成密码散列和验证。password_hash()函数会随机生成“盐”。
php5.3及后续版本中,还可以使用crypt()函数,它支持多种散列算法。php提供了对应的原生实现,所有在使用此函数的时候,你需要保证所选的散列算法是你的系统所支持的。当对密码进行散列处理的时候,建议采用Blowfish算法,相比MD5或者sha1,这个算法提供了更高的计算量,同时还有良好的伸缩性。
crypt(),采用Blowfish算法,如下:
<span>if</span> (CRYPT_BLOWFISH == 1<span>) {
</span><span>echo</span> 'Blowfish: ' . <span>crypt</span>('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n"<span>;
}</span>输出:
Blowfish: $2a$07<span>$usesomesillystringfore2uDLvp1Ii2e</span>./U9C8sBjqp8I90dH6hi
string crypt ( string $str [, string $salt ] )
Blowfish 算法使用如下盐值:"$2a$",一个两位 cost 参数,"$" 以及 64 位由 "./0-9A-Za-z" 中的字符组合而成的字符串。在盐值中使用此范围之外的字符将导致 crypt() 返回一个空字符串。两位 cost 参数是循环次数以 2 为底的对数,它的范围是 04-31,超出这个范围将导致 crypt() 失败。 PHP 5.3.7 之前只支持 "$2a$" 作为盐值的前缀,PHP 5.3.7 开始引入了新的前缀来修正一个在Blowfish实现上的安全风险。总而言之,开发者如果仅针对 PHP 5.3.7及之后版本进行开发,那应该使用 "$2y$" 而非 "$2a$"。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1377
52
How to set router WiFi password using mobile phone (using mobile phone as tool)
Apr 24, 2024 pm 06:04 PM
Wireless networks have become an indispensable part of people's lives in today's digital world. Protecting the security of personal wireless networks is particularly important, however. Setting a strong password is key to ensuring that your WiFi network cannot be hacked by others. To ensure your network security, this article will introduce in detail how to use your mobile phone to change the router WiFi password. 1. Open the router management page - Open the router management page in the mobile browser and enter the router's default IP address. 2. Enter the administrator username and password - To gain access, enter the correct administrator username and password in the login page. 3. Navigate to the wireless settings page - find and click to enter the wireless settings page, in the router management page. 4. Find the current Wi
Don't worry about watching movies without subtitles! Xiaomi announces the launch of Xiaoai Translation real-time subtitles for Japanese and Korean translation
Jul 22, 2024 pm 02:11 PM
According to news on July 22, today, the official Weibo of Xiaomi ThePaper OS announced that Xiaoai Translation has been upgraded. Real-time subtitles have been added to Japanese and Korean translations, and subtitle-free videos and live conferences can be transcribed and translated in real time. Face-to-face simultaneous interpretation supports translation into 12 languages, including Chinese, English, Japanese, Korean, Russian, Portuguese, Spanish, Italian, French, German, Indonesian, and Hindi. The above functions currently only support the following three new phones: Xiaomi MIX Fold 4 Xiaomi MIX Flip Redmi K70 Extreme Edition It is reported that in 2021, Xiao Ai’s AI subtitles will be added to Japanese and Korean translations. AI subtitles use Xiaomi’s self-developed simultaneous interpretation technology to provide a faster, more stable and accurate subtitle reading experience. 1. According to the official statement, Xiaoai Translator can not only be used in audio and video venues
Tutorial on changing wifi password on mobile phone (simple operation)
Apr 26, 2024 pm 06:25 PM
Wireless networks have become an indispensable part of our lives with the rapid development of the Internet. In order to protect personal information and network security, it is very important to change your wifi password regularly, however. To help you better protect your home network security, this article will introduce you to a detailed tutorial on how to use your mobile phone to change your WiFi password. 1. Understand the importance of WiFi passwords. WiFi passwords are the first line of defense to protect personal information and network security. In the Internet age, understanding its importance can better understand why passwords need to be changed regularly. 2. Confirm that the phone is connected to wifi. First, make sure that the phone is connected to the wifi network whose password you want to change before changing the wifi password. 3. Open the phone’s settings menu and enter the phone’s settings menu.
What should I do if my Win10 password does not meet the password policy requirements? What to do if my computer password does not meet the policy requirements?
Jun 25, 2024 pm 04:59 PM
In the Windows 10 system, the password policy is a set of security rules to ensure that the passwords set by users meet certain strength and complexity requirements. If the system prompts that your password does not meet the password policy requirements, it usually means that your password does not meet the requirements set by Microsoft. standards for complexity, length, or character types, so how can this be avoided? Users can directly find the password policy under the local computer policy to perform operations. Let’s take a look below. Solutions that do not comply with password policy specifications: Change the password length: According to the password policy requirements, we can try to increase the length of the password, such as changing the original 6-digit password to 8-digit or longer. Add special characters: Password policies often require special characters such as @, #, $, etc. I
How to easily get the WiFi password of a connected mobile phone (quickly find the WiFi password saved in the mobile phone)
May 08, 2024 pm 01:10 PM
Our mobile phones have become an integral part of our lives in modern society. Wireless network connections have also become an indispensable tool in our daily lives. However, sometimes we face such a situation: we want to connect to other devices but are unable to do so, we connect to WiFi but forget the password. How to easily get the WiFi password of a connected mobile phone? Find the saved WiFi password on the phone 1. Find the "WiFi" option in the settings, find and click it, and enter the phone's settings interface "WiFi" to enter the WiFi settings page, option. 2. Open the connected WiFi network details, find the name of the connected WiFi network, click to enter the detailed information page of the network, in the WiFi settings page. 3.
How to reset WiFi password through router (simple steps to help you protect your home network security)
May 03, 2024 pm 03:01 PM
Wireless networks have become an integral part of our lives in modern society. Securing your home WiFi network is also becoming increasingly important, however. Resetting your WiFi password is a critical task to ensure network security. To protect your home network security, this article will introduce you how to reset your WiFi password through your router. Understand the router login interface. Connect to the router and open the management page. Enter the administrator username and password. Enter the wireless settings option. Find the current WiFi name and password. Back up the network settings. Select the modify password option. Enter the new WiFi password. Set a strong password. Save the settings and exit. Reconnect the device to Test the new WiFi network to see if the connection is successful. Configure other security settings. Change the WiFi password regularly to learn the route.
How should the Java framework security architecture design be balanced with business needs?
Jun 04, 2024 pm 02:53 PM
Java framework design enables security by balancing security needs with business needs: identifying key business needs and prioritizing relevant security requirements. Develop flexible security strategies, respond to threats in layers, and make regular adjustments. Consider architectural flexibility, support business evolution, and abstract security functions. Prioritize efficiency and availability, optimize security measures, and improve visibility.
Security configuration and hardening of Struts 2 framework
May 31, 2024 pm 10:53 PM
To protect your Struts2 application, you can use the following security configurations: Disable unused features Enable content type checking Validate input Enable security tokens Prevent CSRF attacks Use RBAC to restrict role-based access
