我想用PHP安全的用戶密碼存儲在MySQL數據庫。PHP存儲密碼與河豚和鹽胡椒粉
我該如何做得更好?
我的班級:
private static $algo = '$2a';
private static $cost = '$10';
private static $pepper = 'eMI8MHpEByw/M4c9o7sN3d';
public static function generateSalt($length) {
$randomBinaryString = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
$randomEncodedString = str_replace('+', '.', base64_encode($randomBinaryString));
return substr($randomEncodedString, 0, $length);
}
public static function generateHash($password) {
if (!defined('CRYPT_BLOWFISH'))
die('The CRYPT_BLOWFISH algorithm is required (PHP 5.3).');
$password = hash_hmac('sha256', $password, self::$pepper, false);
return crypt($password, self::$algo . self::$cost . '$' . self::generateSalt(22));
}
public static function checkPassword($hash, $password) {
$salt = substr($hash, 0, 29);
$password = hash_hmac('sha256', $password, self::$pepper, false);
$new_hash = crypt($password, $salt);
return ($hash == $new_hash);
}
它是這樣的 – 2013-02-21 13:56:18
雖然這在技術上有一個答案,你的問題是相當武斷和開放式的,應該改寫,以解決一個特定的問題,而不是。 – Amelia 2013-02-21 14:06:26
對不起,這是我的第一個「問題」,下次我會變得更好! – veriox 2013-02-21 14:17:15