duancan1900 2015-03-18 20:47
浏览 50
已采纳

在PHP中最安全地使用bcrypt [关闭]

Other than just hashing the password like that:

password_hash($password, PASSWORD_BCRYPT);

What is the recommended rounds of iteration for bcrypt? I know for certain that four rounds of blowfish are susceptible to a second-order differential attack but the server utilizing the process of hashing would probably be fine with a lot bigger cost in most cases. 14 rounds can be distinguished from a pseudorandom permutation so that's ruled out as well.

Is 16 the highest possible cost? Also how is the salt being generated (if omitted)?

  • 写回答

1条回答 默认 最新

  • dongqing483174 2015-03-18 21:15
    关注

    In case of BCrypt you do not specify the number of rounds, instead you define a cost factor. The cost factor will be raised to the power of 2, that means, increasing the cost factor by 1, will double the computing time.

    $numberofRounds = 2 ^ $costFactor

    The default value is currently 10, the highest possible value is currently 31. To determine the cost factor you should go the other way round, measure the time your server needs for different cost factors. Then you can decide what cost factor is bearable for your server.

    There is a small example script in the PHP documentation, which helps finding an appropriate cost factor.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 划分vlan后不通了
  • ¥15 GDI处理通道视频时总是带有白色锯齿
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)
  • ¥15 自适应 AR 模型 参数估计Matlab程序
  • ¥100 角动量包络面如何用MATLAB绘制
  • ¥15 merge函数占用内存过大
  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大