2017-05-23 00:41
浏览 33

想要使用password_hash散列密码,但仍希望能够像lastpass php那样用眼睛显示密码

As the title says I'm trying to use PHP's password_hash function but I know that it is one way hashing so if I use it the password will be unable to be unhashed.

That being said, I want to be able to have an eye next to a password box (like LastPass) within the system that I'm working with that can display the password for admin users of the site but I'm not sure how to do this. Is there a function within PHP or some library that will allow for secure hashing or encryption so that this is possible? Is there another way to do this securely?

I've been looking around stack overflow for a while now just trying to find an answer to this but have to find anything that is close to what I'm wanting to do.

For a quick frame of reference for this. The users of the site can allow for 3rd party companies to login to retrieve files that are being shared with them. The users create the password and share it with the 3rd party. I want to make sure that when the passwords are secured but still allow the users of the site to go back and lookup the password for the 3rd party companies should they forget their password.

图片转代码服务由CSDN问答提供 功能建议

正如标题所示,我正在尝试使用PHP的password_hash函数,但我知道这是一种散列方式,如果 我用它密码将无法取消。

话虽如此,我希望能够密切关注我正在使用的系统中的密码框(如LastPass),它可以显示管理员用户的密码 该网站,但我不知道该怎么做。 PHP或某些库中是否有一个函数可以进行安全散列或加密,以便这样做? 有没有其他方法可以安全地做到这一点?


为此提供快速参考框架。 该站点的用户可以允许第三方公司登录以检索与他们共享的文件。 用户创建密码并与第三方共享。 我想确保在密码安全但仍然允许网站用户返回并查找第三方公司的密码时,如果他们忘记了密码。

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

2条回答 默认 最新

  • doulian1852 2017-05-23 00:48

    ... that will allow for secure hashing or encryption so that [displaying the password for admin users] is possible?

    You keep using that word. I do not think it means what you think it means. :-)

    Password hashing can either be secure or it can be reversible.

    The whole point of password hashing is to be non-reversible. If you want the original password, you're going to have to store it (keeping in mind how insecure this actually is).

    At a bare minimum, you'd want the plaintext password somewhere totally separate from, and inaccessible to, the outside world. But the ground is littered from the corpses of password files that companies thought were secure from the general public, so my advice is to steer well clear of this.

    解决 无用
    打赏 举报

相关推荐 更多相似问题