dongzun9958 2014-05-07 14:55
浏览 51
已采纳

什么是用于通过电子邮件进行帐户验证的优秀PHP哈希算法?

What is the best algorithm to create a hash (as a verification id) for new users to verify their accounts?

MD5 seems to be the answer everywhere I look, but all the sources are at least 3 or 4 years old. I just want to make sure that MD5 is still the best option today...

I use the password_hash() function for passwords which I belive uses the Blowfish algorithm and adds a random salt, but is that necessary for a verification ID?

  • 写回答

2条回答 默认 最新

  • drll42469 2014-05-07 15:00
    关注

    For this purpose, MD5 is just an 'encoding'. As long as the source value that you run the MD5 on is properly random, it can be safely used.

    Any random (with a proper algorithm) 128 bit value will do file (either an GUID (as long as it is v4) or just base64 encoded crypto-random byte array, or MD5 on the same array).

    You just have to make sure that it cannot be guessed. So mostly you would want to add some sort of invalid-token counter by IP address that blocks the access after certain number of times.

    Also you would probably want to add some sort of expiration (like valid for 24 hours) for the code for the same reason.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 PADS Logic 原理图
  • ¥15 PADS Logic 图标
  • ¥15 电脑和power bi环境都是英文如何将日期层次结构转换成英文
  • ¥20 气象站点数据求取中~
  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
  • ¥50 STM32单片机传感器读取错误
  • ¥15 (关键词-阻抗匹配,HFSS,RFID标签天线)
  • ¥15 机器人轨迹规划相关问题
  • ¥15 word样式右侧翻页键消失