duanlou7910 2012-05-26 20:42
浏览 10
已采纳

河豚地穴混乱

Not sure why but i think i have totally not understood how this works....

I found an example script which had this:

echo crypt('abc123', '$2a$04$saltsaltsaltsaltsaltxx');

And it claims to give the output:

$2a$04$saltsaltsaltsaltsaltxuK2.MS4sJd6ZjnuS0fp2eenjndo.g4hS

But when i did it the same code i get:

 $2pGiQ0v1IyNY

As an output... doesn't really explain anything to me so far or why i get a different output to the example i saW?

I'm trying to get the sale + the hashed password and store them in the user table for each user but I'm not following how to:

a) generate a random salt per user

b) get the salt and the hash password from it to store it ?

c) how you then check it on for example a login page

  • 写回答

1条回答 默认 最新

  • douao1858 2012-05-27 09:53
    关注

    From PHP docs:

    Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithmeter and must be in range 04-31, values outside this range will cause crypt() to fail.

    You don't need to split the salt from the hashed password. You store the entire string ("$2a$04$saltsaltsaltsaltsaltxuK2.MS4sJd6ZjnuS0fp2eenjndo.g4hS"), and when you want to verify if a provided password matches your hash, you do

    if (crypt($form_password, $stored_hash) == $stored_hash) {
    // password is correct
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 孟德尔随机化结果不一致
  • ¥20 求用stm32f103c6t6在lcd1206上显示Door is open和password:
  • ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
  • ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
  • ¥15 谁有desed数据集呀
  • ¥20 手写数字识别运行c仿真时,程序报错错误代码sim211-100
  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法