Hướng dẫn bcrypt php
Cập nhật ngày 27/12/2021 Show Trong PHP, muốn sử dụng mã hoá Bcrypt ta sẽ dùng hàm password_hash(). Hàm này thường dùng để mã hoá mật khẩu. Ngoài mã hoá Bcrypt hàm này còn hỗ trợ mã hoá Argon2i và Argon2id. password_hash ( string $password , int $algo [, array $options ] ) : string Trong đó:
Kết quả: Trả về chuỗi mã hoá hoặc FALSE nếu thất bại. Ví dụ: 12, ]; echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options); So sánh 2 chuỗi đã mã hoá?Đồi khi ta buồn ta chả biết làm gì rồi ngồi vu vơ nghĩ về Bcrypt, khi mà cùng 1 chuỗi nó mã hoá ra nhiều chuỗi mới khác nhau thì làm sao so sánh? Nhưng không sao, PHP đã cung cấp cho ta 1 hàm giúp làm việc này đó là password_verify(). password_verify ( string $password , string $hash ) : bool Trong đó:
Kết quả: TRUE nếu khớp, FALSE nếu không khớp. Ví dụ:
Zend\Crypt\Password\Bcrypt (5.3.2+)This is another API that's similar to the PHP 5.5 one, and does a similar purpose.
Resources:
PasswordLibThis is a slightly different approach to password hashing. Rather than simply supporting bcrypt, PasswordLib supports a large number of hashing algorithms. It's mainly useful in contexts where you need to support compatibility with legacy and disparate systems that may be outside of your control. It supports a large number of hashing algorithms. And is supported 5.3.2+
References:
PHPASSThis is a layer that does support bcrypt, but also supports a fairly strong algorithm that's useful if you do not have access to PHP >= 5.3.2... It actually supports PHP 3.0+ (although not with bcrypt).
Resources
Note: Don't use the PHPASS alternatives that are not hosted on openwall, they are different projects!!! About BCryptIf you notice, every one of these libraries returns a single string. That's because of how BCrypt works internally. And there are a TON of answers about that. Here are a selection that I've written, that I won't copy/paste here, but link to:
Wrap UpThere are many different choices. Which you choose is up to you. However, I would HIGHLY recommend that you use one of the above libraries for handling this for you. Again, if you're using Just use a library... |