Is Taylor Hornby's (Defuse) password hashing compatible version suitable for all PHP versions?

Time: 2014-09-09 09:51:44

Tags: php encryption cryptography password-protection password-hash

I'm interested in using Taylor Hornby's (aka Defuse) PHP password hashing method (the PHP-compatible version), which I found here: https://github.com/defuse/password-hashing

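  1. Does it work "safely" in PHP 4 and above?
  2. Does it work safely on different servers? Will a 64-bit machine give the same hashes as a 32-bit one?
  3. I ask this because different hosting companies offer different PHP versions and different Linux versions, which is why I'm afraid that implementing this technique might work fine on my development server but fail to work properly on the production server.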

2 answers:

Answer 0: (score: 5)

Does it work "safely" in PHP 4 and above?

This question was asked in 2014; there's no excuse for running PHP 4 at that point in time. Please update to a supported version of PHP (e.g. 5.6) as soon as possible. If this is out of your control, boycott your hosting provider (and name names, please, so we can pressure them to update).

Does it work safely in different servers? a 64-bit will give the same hashes as a 32-bit?

Yes, Defuse's code works well regardless of platform architecture. But that's not the real answer to this question.

The best answer anyone can provide is that you should use password_hash() and password_verify(), which are designed for passwords and will be forward-compatible with new algorithms when the current default (bcrypt) is rendered obsolete (e.g. by scrypt or Argon2, the Password Hashing Contest winner).

These functions are available in PHP 5.5.0 and newer, or 5.3.7 and newer with ircmaxell/password_compat (written and maintained by the author of the functions used in PHP 5.5).

If you're using an older version of PHP, your best option is to use PHPass.
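An added example, not part of the original answer: a login check built on password_verify() that upgrades the stored hash with password_needs_rehash() once the current default or cost changes, which is what makes these functions forward-compatible. The in-memory `$users` array, the account name, the passwords and the cost values are constructed assumptions.

```php
<?php
// Added example: $users is a constructed in-memory stand-in for a user table.
$options = ['cost' => 12]; // assumed work factor; tune for your hardware

// Simulate an account whose hash was created earlier with a lower cost.
$users = [
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
];

// Hash checked for unknown account names so both paths do comparable work.
$dummy = password_hash('placeholder', PASSWORD_DEFAULT, $options);

function login(array &$users, $name, $password, array $options, $dummy)
{
    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummy;

    // password_verify() reads algorithm, cost and salt from the stored string,
    // so hashes created with older parameters keep verifying.
    if (!password_verify($password, $hash) || !$known) {
        return false;
    }

    // The plaintext is only available at login, so this is the point where
    // a hash with outdated algorithm or options can be replaced.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
    }
    return true;
}

var_dump(login($users, 'alice', 'wrong guess', $options, $dummy));
var_dump(login($users, 'alice', 'correct horse', $options, $dummy));

// After the successful login the stored hash carries the new cost.
var_dump(password_get_info($users['alice'])['options']);
```

In a real application the replacement hash is written back to the database row; the hash column should be wide enough (255 characters) to hold the output of future algorithms.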

Answer 1: (score: 2)

It does not work in PHP 4, because it requires hash_pbkdf2 (available in PHP 5.5+) or hash_hmac (available in PHP 5.1+ or PECL).

It works the same way on 64-bit and 32-bit.