首先,我看到要使用 CRYPT_BLOWFISH,我需要使用从 $2a$ 开始的 16 字符盐。但是,crypt() 的 php.net 文档说某些系统不支持 CRYPT_BLOWFISH。这种情况多久发生一次?
接下来,从他们在文档上的示例中,我看到我使用 crypt() 如下:
<?php
$password = crypt('mypassword'); // let the salt be automatically generated
/* You should pass the entire results of crypt() as the salt for comparing a
password, to avoid problems when different hashing algorithms are used. (As
it says above, standard DES-based password hashing uses a 2-character salt,
but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
?>
为了使用 CRYPT_BLOWFISH,我唯一需要修改的就是第一行让它变成这样吗?
crypt('mypassword', '$2a$07$usesomesillystringforsalt$')
然后其余的线都很好吗?