dongzhan2461 2015-10-14 12:41
Accepted

How to use a salt with the MD5 technique

I have coded the md5 technique to store the password as a hash, but I want to implement it with a salt.

Here is my register form PHP with the md5 function, which is working perfectly.

<?php
require("common.php");
if (! empty ( $_POST )) {
    if (empty ( $_POST ['username'] )) {
        die ( "Please enter a username." );
    }
    if (empty ( $_POST ['password'] )) {
        die ( "Please enter a password." );
    }
    $query = "SELECT 1 FROM User WHERE username = :username";
    $query_params = array (
            ':username' => $_POST ['username'] 
    );
    try {
        $stmt = $db->prepare ( $query );
        $result = $stmt->execute ( $query_params );
    } catch ( PDOException $ex ) {
        die ( "Failed to run query: " . $ex->getMessage () );
    }
    $row = $stmt->fetch ();
    if ($row) {
        die ( "This user name is already registered" );
    }
    $password = md5($_POST['password']);
    $query = "INSERT INTO User (username, password) VALUES (:username, :password)";
    $query_params = array (
            ':username' => $_POST ['username'],
            ':password' => $password 
    );
    try {
        $stmt = $db->prepare ( $query );
        $result = $stmt->execute ( $query_params );
    } catch ( PDOException $ex ) {
        die ( "Failed to run query: " . $ex->getMessage () );
    }
    header ( "Location: login.php" );
    die ( "Redirecting to login.php" );
}
?>

3 answers

  • dqmq0654 2015-10-14 13:03

    You should not use MD5 or SHA1 for hashing (even with a salt) as they are proven to be insecure.

    Using salted md5 for passwords is a bad idea. Not because of MD5's cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.

    PHP now provides a simple way to use the far more secure bcrypt hash through the password_hash function, which not only generates a strong hash, but generates a random salt as well:

    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    
    This answer was selected by the asker as the best answer.
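Added example, not part of the answer above or of the asker's code: a login check that accepts the md5 rows the registration script has already written and replaces each one with a password_hash() value the first time its owner logs in. The in-memory SQLite database standing in for common.php, the function names login and store_password, and the two sample accounts are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite database stands in for the question's common.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE User (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hypothetical helper: overwrite the stored hash for one user.
function store_password(PDO $db, string $username, string $hash): void
{
    $stmt = $db->prepare('UPDATE User SET password = :password WHERE username = :username');
    $stmt->execute([':password' => $hash, ':username' => $username]);
}

// Hypothetical login check. A legacy row is the 32 hex characters md5() produces;
// anything else is treated as a password_hash() value, which embeds its own salt.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM User WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))   // constant-time compare of the old hash
        : password_verify($password, $stored);
    // Upgrade on success: legacy md5 rows, or hashes made with outdated parameters.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        store_password($db, $username, password_hash($password, PASSWORD_DEFAULT));
    }
    return $ok;
}

// Constructed sample rows: one account stored the old way, one stored the new way.
$insert = $db->prepare('INSERT INTO User (username, password) VALUES (?, ?)');
$insert->execute(['old_user', md5('correct horse')]);
$insert->execute(['new_user', password_hash('s3cret!', PASSWORD_DEFAULT)]);

var_dump(login($db, 'old_user', 'wrong'));          // legacy row, wrong password
var_dump(login($db, 'old_user', 'correct horse'));  // legacy row, correct password
var_dump(login($db, 'new_user', 's3cret!'));        // password_hash() row
$row = $db->query("SELECT password FROM User WHERE username = 'old_user'")->fetchColumn();
var_dump(password_get_info($row)['algoName']);      // algorithm of the upgraded row
```

The password column has to be wide enough for the new hashes: the PHP manual recommends 255 characters for PASSWORD_DEFAULT, whereas an md5 value is only 32.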
