dongxingchang9345 2014-08-08 16:19
浏览 66

php 5.5中的password_hash函数

i have the following function that hashes a password and stores it in a database. i am trying to use the password_hash function in php 5.5 but its giving me weird results.

function hashpass($password)
{
    include("includes/config.php");

    $password = password_hash($password, PASSWORD_DEFAULT);
    return $password;
}

I then output the result for the same static password which i am just testing as "testpassword" and it keeps giving me different hashes. Why is that? if it keeps doing that i will never be able to verify the password because it will never yield the same hash for the exact same string.

Is there something that i need to configure or set before hand for this to work correctly?

  • 写回答

2条回答 默认 最新

  • dongyan1808 2014-08-08 16:27
    关注

    When you hash a password with password_hash, a random salt is being generated, used in the hashing process and prepended to the result. This is precisely for the purpose of avoiding the same passwords resulting in the same hash every single time; to avoid easy generation of rainbow tables. (All terms you should probably google. :))

    To verify a hash generated with password_hash you need to use password_verify, which uses the salt embedded in the hash to reproduce and compare the hash from another plaintext password.

    评论

报告相同问题?

悬赏问题

  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程
  • ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
  • ¥15 关于smbclient 库的使用
  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启