问题
Simple question because i did not find a really helping answer on google: Does the password_hash() function also check if there is already such a hash generated for instance in the userdata file? I basically get what the function is doing, but i am fairly new to php, so i was not really able to see if the password is checked for uniqueness.
Please be gentle on this noob question right here. I simply want to understand what i am using right there, and not only do it because my exercise sheet at university tells me so.
回答1:
No.
Two reasons:
- the function will not know anything about "other" passwords.
- You don't want this. What will you do if you hit a duplicate? Tell the user? He will then know someone's password.
回答2:
The password_hash() function is designed in a way that duplicates are extremely unlikely, so from the view of a developer, it is of no concern that two hashes could theoretically be the same.
Because of the properties of the password_hash() function and because it generates a random salt for each password...
- the chance that the function generates a duplicate is incredible small, even if two users use the same password, the function would generate different hashes
- one cannot search for the hash anyway, you need another search key like the username, so a duplicate wouldn't be a problem neither.
回答3:
No, it does not check for uniqueness.
来源:https://stackoverflow.com/questions/44453650/php-does-password-hash-check-if-the-hash-generated-is-unique-understanding