dt614037527 2014-09-26 22:05
浏览 31

如何在PHP中保护更多我的md5密码编码

I am seeking some suggestion to secure my password encoding. Here I wanted to mention that I don't want to use new password_hash() api and also dont want to migration of old password, If I used password_hash() api , I have to migrate my old user password, which is not gong to possible for now. SO here is my old approach.

function login() {
//the code of getting password from database.......I am skipping this part.....
if(!Check($given_pass,$expected_pass)))  
    //User enter a password in the session as given_pass and expected_pass is the md5 generated hash password stored in database.
    return error('pass error');
return notice('pass success');
}

function Encode($text) {
    return md5(paramtr2Str("conf.cryptographykey").$text);  
    //cryptography key is a random generated string at the server side.
}

function Check($given_pass, $expected_pass) {
    return $expected == Encode($given_pass);
}

I think my Encode function is hackable and I want to give it some extra security by sticking with the original formatting.

  • 写回答

1条回答 默认 最新

  • dsadsa123111 2014-09-26 22:38
    关注

    You can encrypt the MD5 encrypted password with sha1(). You have to encrypt all users passwords (MD5 encrypted) with sha1() again in your database and in the login page check their password with this sha1(md5($password)) and compare it with you database.

    This will improve your site security quite lot but I'd recommend you to use password_hash() anyway.

    评论

报告相同问题?

悬赏问题

  • ¥15 C#调用python代码(python带有库)
  • ¥15 矩阵加法的规则是两个矩阵中对应位置的数的绝对值进行加和
  • ¥15 活动选择题。最多可以参加几个项目?
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)
  • ¥20 怎么在stm32门禁成品上增加查询记录功能
  • ¥15 Source insight编写代码后使用CCS5.2版本import之后,代码跳到注释行里面
  • ¥50 NT4.0系统 STOP:0X0000007B