duanqiang3925 2013-12-13 14:59
浏览 18
已采纳

在encripted字符串前面的$ xx $符号是什么意思?

I've noticed that lots of PHP software, such as Joomla! or Wordpress prepend "$xx$." symbols to their hashed strings. This happens, for example, when storing user passwords in databases.
What's the reason for this?

  • 写回答

1条回答 默认 最新

  • douti0467 2013-12-13 15:10
    关注

    The $xx$ denotes what hashing algorithm is used. One reason why it is useful that this is part of the resulting string, is that it allows you to have multiple types of hashes in the database without things breaking because you don't know what hashing algorithm was used. It also gives you an upgrade-path, to increase security of your passwords.

    If you use crypt, you just use crypt($password, $hash) == $hash and crypt figures out from the hash you provide which algorithm to use. It can also extract the salt, and other options (depending on the algorithm).

    For example for sha256, you get something like "$5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6" (from http://php.net/manual/en/function.crypt.php ). The "5" denotes the hashing algorithm, the "rounds=5000" is an option the hashing algorithm uses, and "usesomesillystringforsalt" is a salt, which insures that hashes of the same password looks different for different people, and making it harder to brute-force attack the hash. The "KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6" is the actual hashed password.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 想问一下stata17中这段代码哪里有问题呀
  • ¥15 flink cdc无法实时同步mysql数据
  • ¥100 有人会搭建GPT-J-6B框架吗?有偿
  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决