duanaozhong0696 2014-03-26 15:19
浏览 73
已采纳

PHP Sha512哈希充足? [重复]

This question already has an answer here:

I am using the basic PHP hash function to hash a password. Is the password secure enough/future proof? Or is there a industry standard on how php password sha512 hashing would be implemented? The hashed passwords are are not encypted (open to the public), so it must be super crack-proof. Thanks for your suggestions. 

$password = 'passw0rd'
hash('sha512', $password)

I would like to use crypt(), but I have php 5.1.4 which means that: Standard DES: stqAdD7zlbByI Extended DES not supported. MD5: $1$somethin$4NZKrUlY6r7K7.rdEOZ0w. Blowfish DES not supported. SHA-256 not supported. SHA-512 not supported.

What options do I have now?

</div>
  • 写回答

1条回答 默认 最新

  • dongwen2794 2014-03-26 15:26
    关注

    Thanks for your suggestions.

    If you don't understand what the security goals are, then you should probably use Solar Designer's phpass. Solar Designer is the author of John The Ripper (JtR), and he is knowledgeable on the state of the art in recovery and protection.

    If you have different security goals, then you need to be careful about the system you design. Perhaps you should fully describe what you are trying to accomplish.

    I am using the basic PHP hash function to hash a password. Is the password secure enough/future proof?

    John Stevens of OWASP put together a good document on server password security and storage. It walks through the attacks and threats, and then adds steps to neutralize the threats. Here are the references to the OWASP material:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 算法题:数的划分,用记忆化DFS做WA求调
  • ¥15 chatglm-6b应用到django项目中,模型加载失败
  • ¥15 武汉岩海低应变分析软件,导数据库里不显示波形图
  • ¥15 CreateBitmapFromWicBitmap内存释放问题。
  • ¥30 win c++ socket
  • ¥30 CanMv K210开发板实现功能
  • ¥15 C# datagridview 栏位进度
  • ¥15 vue3页面el-table页面数据过多
  • ¥100 vue3中融入gRPC-web
  • ¥15 kali环境运行volatility分析android内存文件,缺profile