我试图弄清楚如何在php7.2中使用新的libsodium功能,但出于某种原因,我似乎无法让sodium_crypto_pwhash_str_verify()正常工作。
我决定在他们的文档中实际使用给定的示例:https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use#crypto-pwhash-sample-php
libsodium自己的示例代码:
注意:我已经就示例代码与作者联系,现在已经有了 修好了!所以下面的例子已经过时了。 (2018年5月30日)
(我做的唯一调整是$passwort = "test"和echo s)
<?php
$password = "test"; // by me
/* This uses Argon2i with two numeric constants that correspond to
* the number of passes (OPSLIMIT) and the amount of memory to use
* (MEMLIMIT). A higher OPSLIMIT helps against CPU attacks, while a
* higher MEMLIMIT helps against GPU attacks.
*/
$storeInDatabase = sodium_crypto_pwhash_str(
$password,
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);
/* Once that's stored, you can just test against the hash like so: */
if (sodium_crypto_pwhash_str_verify($password, $storeInDatabase)) {
/* Logged in! */
echo "works!"; // by me
} else {
/* Incorrect password. */
echo "failed!"; // by me
}
由于我使用相同的$password和$storeInDatabase进行哈希和验证,因此应始终打印"works!",但它不会。
我在这里做错了什么?可悲的是,php.net还没有为sodium函数提供任何有用的文档。
供参考:
http://php.net/manual/en/function.sodium-crypto-pwhash-str.php
http://php.net/manual/en/function.sodium-crypto-pwhash-str-verify.php
答案 0 :(得分:2)
您的$password和$storeInDatabase方向错误
应该是:
if (sodium_crypto_pwhash_str_verify($storeInDatabase,$password)) {
来自文档:
bool sodium_crypto_pwhash_str_verify ( string $hash , string $password )