dongming6201 2019-04-29 08:19
浏览 287

使用Java和PHP进行BCrypt,发送加密密码并对其进行解码

I want to use an Android app to send an encrypted password to a PHP file on the server that stores it. This also works so far.

At login I send the encrypted password to the server again and the PHP file should find out if the password is correct.

But if I now if (password_verify($userPassword, $hash)) { }

then the function requires the real password and not an encrypted one. How can I now compare encrypted with encrypted ?

Or do I just have to send the visible password to an SSL server and it's still secure ?

  • 写回答

1条回答 默认 最新

  • doushishi6513 2019-04-29 08:39
    关注

    Does it really matter what the $userPassword actually is? This could be encrypted original as long as that is what you stored the first time...

    So just send the encrypted version, hash it (in PHP), store it (in PHP) and later verify that (password_verify($inAndroidHashedPass, $localllyStoredHashFromPHP)) ?

    评论

报告相同问题?

悬赏问题

  • ¥15 在获取boss直聘的聊天的时候只能获取到前40条聊天数据
  • ¥20 关于URL获取的参数,无法执行二选一查询
  • ¥15 液位控制,当液位超过高限时常开触点59闭合,直到液位低于低限时,断开
  • ¥15 marlin编译错误,如何解决?
  • ¥15 有偿四位数,节约算法和扫描算法
  • ¥15 VUE项目怎么运行,系统打不开
  • ¥50 pointpillars等目标检测算法怎么融合注意力机制
  • ¥20 Vs code Mac系统 PHP Debug调试环境配置
  • ¥60 大一项目课,微信小程序
  • ¥15 求视频摘要youtube和ovp数据集