发表新帖
发表新帖

How can I store my users' passwords safely?

后端 未结
关注
6 1783
长发绾君心
长发绾君心 2020-11-21 23:37

How much more safe is this than plain MD5? I\'ve just started looking into password security. I\'m pretty new to PHP.

$salt = \'csdnfgksdgojnmfnb\';

$passwo
6条回答
  • 抹茶落季
    抹茶落季 (楼主)
    2020-11-22 00:08

    A better way would be for each user to have a unique salt.

    The benefit of having a salt is that it makes it harder for an attacker to pre-generate the MD5 signature of every dictionary word. But if an attacker learns that you have a fixed salt, they could then pre-generate the MD5 signature of every dictionary word prefixed by your fixed salt.

    A better way is each time a user changes their password, your system generate a random salt and store that salt along with the user record. It makes it a bit more expensive to check the password (since you need to look up the salt before you can generate the MD5 signature) but it makes it much more difficult for an attacker to pre-generate MD5's.

    0 讨论(0)
 看不清?
提交回复
热议问题