drd99007 2016-03-26 15:09
浏览 101
已采纳

Bcrypt,你如何用随机盐验证?

I got this code off the PHP website. I can make this work without the Salt. But how do you verify with the salt - or does it have to be stored into a variable then you use that later? Not sure how to proceed to the next step to verify. Lots of tutorials on how to make a hash, but to verify is another thing. Thank you.

$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."
";


// See the password_hash() example to see where this came from.
$hash = '$2y$11$nJp/w0OC41I0m44T9OQKBuWUrQi63PrJuvDc68KI6oDBdnZK01kiW ';

if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
  • 写回答

1条回答 默认 最新

  • dongtan6336 2016-03-26 16:27
    关注

    Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.

    Source: http://php.net/manual/en/function.password-verify.php

    just use the function as you did above, it will automatically detect the salt.

    If omitted, a random salt will be generated by password_hash() for each password hashed. This is the intended mode of operation.

    source:http://php.net/manual/en/function.password-hash.php

    Even if you don't add a salt, password_hash will automatically add a random generated one, so you shouldn't have any problem verifying a password that has been salted.

    Also note that:

    The salt option has been deprecated as of PHP 7.0.0. It is now preferred to simply use the salt that is generated by default.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 请问我该如何添加自己的数据去运行蚁群算法代码
  • ¥20 用HslCommunication 连接欧姆龙 plc有时会连接失败。报异常为“未知错误”
  • ¥15 网络设备配置与管理这个该怎么弄
  • ¥20 机器学习能否像多层线性模型一样处理嵌套数据
  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码