doufusi2013
2015-07-25 13:36
浏览 204
已采纳

Laravel - 你如何使用Hash :: needsRehash()?

I'm wondering how to use Hash::needsRehash() as I'm struggling to see using the documentation exactly what it's for.

if (Hash::needsRehash($hashed)) {
    $hashed = Hash::make('plain-text');
}

What exactly causes Hash::needsRehash() to return true or false, does it return true if the hashed password is in another hash (such as MD5, SHA1 etc)?

In the case that your database is full of hashes in another algorithm and Hash::needsRehash() returns true, how would you rehash the users password so that it's they're up to date? You can't rely on the "login" password because it needs to be compared first to validate, right?

I guess maybe I'm overthinking things but I'm confused right now. Luckily my users passwords are using password_hash() anyway so shouldn't be a problem.

图片转代码服务由CSDN问答提供 功能建议

我想知道如何使用 Hash :: needsRehash(),因为我是 努力查看文档的确切用途。

  if(Hash :: needsRehash($ hashed)){
 $ hashed = Hash :: make('plain-  text'); 
} 
   
 
 

究竟是什么导致 Hash :: needsRehash()返回true或false,是否返回true 如果散列密码在另一个散列(例如MD5,SHA1等)中?

如果您的数据库在另一个算法中充满了散列并且 Hash :: needsRehash( )返回true,你如何重新设置用户密码,以便它们是最新的? 你不能依赖“登录”密码,因为它需要首先进行比较才能验证,对吗?

我想也许我是在思考,但我现在很困惑。 幸运的是,我的用户密码仍然使用 password_hash(),所以不应该是一个问题。

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 收藏
  • 邀请回答

3条回答 默认 最新

  • douzhi3779 2015-07-25 13:47
    已采纳

    Hash::needsReHash() just calls php's built-in password_needs_rehash function. A helpful comment in the docs is:

    // Check if a newer hashing algorithm is available
    // or the cost has changed
    if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) {
    

    So Hash::needsReHash() will return false if and only if hashing algorithm has changed (since you're not passing any options such as cost).

    As for how and when to use this, you can only rehash a user's password when you have it -- e.g. when they're logging in. So during the login process, you check if their stored password's algorithm differs from your current algorithm, and if so, you replace their stored password hash with a new one.

    评论
    解决 无用
    打赏 举报
查看更多回答(2条)

相关推荐 更多相似问题