Can someone point me to a good PHP/MySQL salted hashed password implementation?

后端 未结 8 732
感情败类
感情败类 2021-02-06 07:33

After reading about salts password hashing Id like to implement a simple version for an admin area to a site Im building.

If you have any good links with code that have

8条回答
  •  北荒
    北荒 (楼主)
    2021-02-06 07:49

    There are so many ways you can create a salt string, but i think you don't need to think a lot about your salt strength.

    I hash passwords like this

    $hash = sha1(strlen($password) . md5($password) . $salt);
    

    I think its the best performance between speed, and "security".

    function salt($lenght = 9) {
        $numbers = '0123456789';
        $chars = 'qwertzuiopasdfghjklyxcvbnm';
    
        $password = '';
        $alt = time() % 2;
        for ($i = 0; $i < $length; $i++) {
            if ($alt == 1) 
            {
                $password .= $chars[(rand() % strlen($chars))];
                $alt = 0;
            } else 
            {
                $password .= $numbers[(rand() % strlen($numbers))];
                $alt = 1;
            }
        }
        return $password;
    }
    

提交回复
热议问题