可能重复:
PHP 密码的安全哈希和盐
haval160,4
我尝试创建一个函数,使用散列算法用盐对我的密码进行散列。但我不明白它的安全性。我提供以下代码:
请让我知道如何改进安全系统。
<?php
defined("SALT")? NULL : define("SALT", "abcdefthijklmnopqursuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*/\|[]{}()~!@#$%^&*_+:.,;1234567890");
function createSalt(){
static $random_string;
for($i=0;$i<64;$i++){
$random_string .= substr(str_shuffle(SALT), 0,25);
}
return $random_string;
}
global $salts;// I want to store the salt value into my database with password
$salt = createSalt();
$salts = $salt;//I keep this cause I will check the matching password without database
function createPassword($input_data,$salt){
static $hash;
$cryc = crypt($input_data,$salt);
$hash = hash("haval160,4",$cryc);
return $hash;
}
$password = createPassword("123456",$salt);
$stored_password = $password ; // I stored value into a variable cause I want to test without database
//echo $password.'<hr>';
echo "Your Password: ".$password;
echo "<br/> Your SALT VALUE: ".$salt.'<hr>';
function checkPassword($uid,$password,$salts,$stored_password){//this is just a test function... actual function don't require $salts and $stored_password
$db_uid = 1 ;
if($uid === $db_uid){
$db_salt = $salts;
$db_password = createPassword($password,$db_salt);
if($db_password == $stored_password){
echo "Password Match";
}else{
echo"password don't match";
}
}
}
checkPassword(1,"123456",$salts,$stored_password);
?>