how to do crypt and password_hash in php 5.6
嗨,有人能告诉我如何使用
Notice: crypt(): No salt parameter was specified.
号
必须使用随机生成的salt和强哈希函数来生成安全哈希。
用法是非常直接的,下面的例子总结了它:
1 2 3 4 5 6 7 | // Hash a new password for storing in the database. // The function automatically generates a cryptographically safe salt. $hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT); // Check if the hash of the entered login password, matches the stored hash. // The salt and the cost factor will be extracted from $existingHashFromDb. $isPasswordCorrect = password_verify($password, $existingHashFromDb); |
函数声明如下:
1 |
号
但文件指出:
The
salt parameter is optional. However,crypt() creates a weak password without thesalt . PHP 5.6 or later raise anE_NOTICE error without it. Make sure to specify a strong enough salt for better security.
号
也就是说,如果您想继续使用不含盐的函数(这将是愚蠢的),或者使用盐,则只需忽略通知。
但是,请注意,文档继续这样说:
password_hash() uses a strong hash, generates a strong salt, and applies proper rounds automatically.password_hash() is a simplecrypt() wrapper and compatible with existing password hashes. Use ofpassword_hash() is encouraged.
号
(最后一个重点是我的。)