php sodium_crypto_pwhash_str_verify() 失败
php sodium_crypto_pwhash_str_verify() fails
我正在尝试弄清楚如何使用 php7.2 中的新 libsodium 功能,但由于某些原因我似乎无法使 sodium_crypto_pwhash_str_verify() 工作正确。
我决定在他们的文档中实际使用给定的示例:https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use#crypto-pwhash-sample-php
libsodium 本身的示例代码:
Note: I've contacted the author about the sample code and it has now
been fixed! So the example below is outdated. (2018-05-30)
(我做的唯一调整是 $passwort = "test" 和 echos)
<?php
$password = "test"; // by me
/* This uses Argon2i with two numeric constants that correspond to
* the number of passes (OPSLIMIT) and the amount of memory to use
* (MEMLIMIT). A higher OPSLIMIT helps against CPU attacks, while a
* higher MEMLIMIT helps against GPU attacks.
*/
$storeInDatabase = sodium_crypto_pwhash_str(
$password,
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);
/* Once that's stored, you can just test against the hash like so: */
if (sodium_crypto_pwhash_str_verify($password, $storeInDatabase)) {
/* Logged in! */
echo "works!"; // by me
} else {
/* Incorrect password. */
echo "failed!"; // by me
}
由于我使用相同的 $password 和 $storeInDatabase 进行散列和验证,这应该始终打印 "works!",但它不会。
我在这里做错了什么?遗憾的是,php.net 还没有关于 sodium 函数的任何有用文档。
供参考:
http://php.net/manual/en/function.sodium-crypto-pwhash-str.php
http://php.net/manual/en/function.sodium-crypto-pwhash-str-verify.php
你有 $password 和 $storeInDatabase 错误的方法
应该是:
if (sodium_crypto_pwhash_str_verify($storeInDatabase,$password)) {
来自文档:
bool sodium_crypto_pwhash_str_verify ( string $hash , string $password )
我正在尝试弄清楚如何使用 php7.2 中的新 libsodium 功能,但由于某些原因我似乎无法使 sodium_crypto_pwhash_str_verify() 工作正确。
我决定在他们的文档中实际使用给定的示例:https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use#crypto-pwhash-sample-php
libsodium 本身的示例代码:
Note: I've contacted the author about the sample code and it has now been fixed! So the example below is outdated. (2018-05-30)
(我做的唯一调整是 $passwort = "test" 和 echos)
<?php
$password = "test"; // by me
/* This uses Argon2i with two numeric constants that correspond to
* the number of passes (OPSLIMIT) and the amount of memory to use
* (MEMLIMIT). A higher OPSLIMIT helps against CPU attacks, while a
* higher MEMLIMIT helps against GPU attacks.
*/
$storeInDatabase = sodium_crypto_pwhash_str(
$password,
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);
/* Once that's stored, you can just test against the hash like so: */
if (sodium_crypto_pwhash_str_verify($password, $storeInDatabase)) {
/* Logged in! */
echo "works!"; // by me
} else {
/* Incorrect password. */
echo "failed!"; // by me
}
由于我使用相同的 $password 和 $storeInDatabase 进行散列和验证,这应该始终打印 "works!",但它不会。
我在这里做错了什么?遗憾的是,php.net 还没有关于 sodium 函数的任何有用文档。
供参考:
http://php.net/manual/en/function.sodium-crypto-pwhash-str.php
http://php.net/manual/en/function.sodium-crypto-pwhash-str-verify.php
你有 $password 和 $storeInDatabase 错误的方法
应该是:
if (sodium_crypto_pwhash_str_verify($storeInDatabase,$password)) {
来自文档:
bool sodium_crypto_pwhash_str_verify ( string $hash , string $password )