What is the best method for hashing user passwords in a mysql database?
在mysql数据库中散列用户密码的最佳方法是什么?
5 个解决方案
#1
4
I use Portable PHP password hashing framework, as does Wordpress.
我使用Portable PHP密码哈希框架,Wordpress也是如此。
Link: Portable PHP password hashing framework
链接:便携式PHP密码哈希框架
#3
0
You can use Mycript, and choose an appropriate hashing alghoritm (i suggest a SHA-2 family for good trade between speed / security), better with salting. BUT as someone else suggested, i think it's better to use a standard frawework and don't reinvent the wheel for the thousanth time: check phpass library.
你可以使用Mycript,并选择一个合适的哈希alghoritm(我建议使用SHA-2系列来实现速度/安全性之间的良好交易),更好地使用盐腌。但正如其他人所建议的那样,我认为最好使用标准的frawework并且不要在thousanth时间重新发明*:检查phpass库。
#4
0
http://php.net/manual/en/function.hash.php
and choose a good hash function.. sha256 if you build nuclear rockets..
http://php.net/manual/en/function.hash.php并选择一个好的哈希函数.. sha256如果你制造核火箭..
but using an openid would be even better: http://openid.net/get-an-openid/what-is-openid/
但使用openid会更好:http://openid.net/get-an-openid/what-is-openid/
then you don't need all those things :)
那么你不需要所有这些东西:)
#5
-1
In the first place you should be thinking not of the best hashing function but of disallowing simple passwords.
首先,您应该考虑的不是最佳散列函数,而是禁止使用简单密码。
Otherwise no hashing will help.
否则没有散列会有所帮助。
Thus, first of all check user passwords for complexity, ask them to be at least 10 characters long, contains different case letters and numbers.
因此,首先检查用户密码的复杂性,要求它们至少10个字符长,包含不同的大小写字母和数字。
Then you have to make a hash of it, by adding some salt. users email or registration time would be okay.
然后你必须通过添加一些盐来制作它的哈希值。用户的电子邮件或注册时间都可以。
$hashedpass = MD5($email.$pass);
that's all
就这样
#1
4
I use Portable PHP password hashing framework, as does Wordpress.
我使用Portable PHP密码哈希框架,Wordpress也是如此。
Link: Portable PHP password hashing framework
链接:便携式PHP密码哈希框架
#2
#3
0
You can use Mycript, and choose an appropriate hashing alghoritm (i suggest a SHA-2 family for good trade between speed / security), better with salting. BUT as someone else suggested, i think it's better to use a standard frawework and don't reinvent the wheel for the thousanth time: check phpass library.
你可以使用Mycript,并选择一个合适的哈希alghoritm(我建议使用SHA-2系列来实现速度/安全性之间的良好交易),更好地使用盐腌。但正如其他人所建议的那样,我认为最好使用标准的frawework并且不要在thousanth时间重新发明*:检查phpass库。
#4
0
http://php.net/manual/en/function.hash.php
and choose a good hash function.. sha256 if you build nuclear rockets..
http://php.net/manual/en/function.hash.php并选择一个好的哈希函数.. sha256如果你制造核火箭..
but using an openid would be even better: http://openid.net/get-an-openid/what-is-openid/
但使用openid会更好:http://openid.net/get-an-openid/what-is-openid/
then you don't need all those things :)
那么你不需要所有这些东西:)
#5
-1
In the first place you should be thinking not of the best hashing function but of disallowing simple passwords.
首先,您应该考虑的不是最佳散列函数,而是禁止使用简单密码。
Otherwise no hashing will help.
否则没有散列会有所帮助。
Thus, first of all check user passwords for complexity, ask them to be at least 10 characters long, contains different case letters and numbers.
因此,首先检查用户密码的复杂性,要求它们至少10个字符长,包含不同的大小写字母和数字。
Then you have to make a hash of it, by adding some salt. users email or registration time would be okay.
然后你必须通过添加一些盐来制作它的哈希值。用户的电子邮件或注册时间都可以。
$hashedpass = MD5($email.$pass);
that's all
就这样