dsideal2015 2014-10-08 10:54

Using password_hash to verify a password that has been hashed and salted [duplicate]


Let's hash and salt a password with:

<?php
$hash = password_hash('bonjour', PASSWORD_BCRYPT,  ['cost' => 12, ]);
// no salt option mentioned,
// so the salt will be generated randomly; see the password_hash documentation
echo $hash;
?>

The result changes on each reload of the page, that's normal: the salt is randomly generated, it can be:

$2y$12$FlxBBjTjelKkGY.SJarlL.THUZBwcl7M6V35DmZmTmYJZRwhpRkIW
$2y$12$p2pkD116hBHNc/2nyQ2WyOkrn.h8xvWvM1.Lmvsnhms2Y6zsb.j1e
$2y$12$u4ipdQQM926jfanpXnwtkupv2CH/uWoPvK563tG7p.z35GcOBOZdS
etc.

In the previous code, the salt seems to be stored nowhere (am I wrong?). But at the end password_verify is able to check the password with the hash, and it works with every result, regardless of what the salt was.

<?php
echo password_verify('bonjour', '$2y$12$FlxBBjTjelKkGY.SJarlL.THUZBwcl7M6V35DmZmTmYJZRwhpRkIW') ? 'yes' : 'no';
// yes
echo password_verify('bonjour', '$2y$12$p2pkD116hBHNc/2nyQ2WyOkrn.h8xvWvM1.Lmvsnhms2Y6zsb.j1e') ? 'yes' : 'no';
// yes
?>     

Is it normal that password_verify is able to check the password without having to store the salt somewhere?


1 answer

  • dongzhuzhou4504 2014-10-08 10:57

    From the PHP.net manual

    Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.

    The salt is encoded in the hash, basically.

    Selected by the asker as the best answer.
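
How the stored string carries everything verification needs, shown as an added example that is not part of the original question or answer. `split_bcrypt` and `verify_by_hand` are hypothetical helper names; the two hashes are the first two quoted in the question.

```php
<?php
// Added example: split a bcrypt string from password_hash() into its fields.
// Layout: "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest (60 chars).
function split_bcrypt(string $hash): ?array
{
    $pattern = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($pattern, $hash, $m)) {
        return null; // not a bcrypt string in the expected layout
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Re-derive the hash from the candidate password: crypt() reads the
// algorithm, cost and salt out of the stored string, and the result is
// compared with the stored string in constant time.
function verify_by_hand(string $password, string $stored): bool
{
    $recomputed = crypt($password, $stored);
    return is_string($recomputed) && hash_equals($stored, $recomputed);
}

// The first two sample hashes from the question.
$samples = [
    '$2y$12$FlxBBjTjelKkGY.SJarlL.THUZBwcl7M6V35DmZmTmYJZRwhpRkIW',
    '$2y$12$p2pkD116hBHNc/2nyQ2WyOkrn.h8xvWvM1.Lmvsnhms2Y6zsb.j1e',
];

foreach ($samples as $stored) {
    $parts = split_bcrypt($stored);
    if ($parts === null) {
        echo "unrecognised format\n";
        continue;
    }
    printf("variant=%s cost=%d salt=%s\n", $parts['variant'], $parts['cost'], $parts['salt']);
    printf("  password_verify: %s, by hand: %s\n",
        var_export(password_verify('bonjour', $stored), true),
        var_export(verify_by_hand('bonjour', $stored), true));
    // The embedded cost also lets the application detect outdated parameters.
    printf("  needs rehash at cost 13: %s\n",
        var_export(password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 13]), true));
}
```

Because the salt and cost travel inside the string, the only thing to store per user is the full 60-character value; truncating the column breaks verification.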