codeigniter 函数中的密码加密
Password encryption in codeginiter function
如何在 codeigniter 上加密我的密码。这是我的代码
$password = $this->security->xss_clean($this->input->post('password'));
如何制作md5?
为了满足您的具体需求,以下代码将起作用:
$password = md5($this->security->xss_clean($this->input->post('password')));
但是,正如评论中所述,md5 是存储密码的非常糟糕的选择,应不惜一切代价避免使用。您还应该避免使用 sha1 和任何其他可以快速散列的东西。有关详细信息,请查看 Jeff Atwood 的博客 post、your password is too damn short。具体如下部分:
And for developers:
Pick your new password hash algorithms carefully, and move all your
old password hashing systems to much harder to calculate hashes. You
need hashes that are specifically designed to be hard to calculate on
GPUs, like scrypt.
Even if you pick the "right" hash, you may be vulnerable if your work
factor isn't high enough. Matsano recommends the following:
scrypt: N=2^14, r=8, p=1
bcrypt: cost=11
PBKDF2 with SHA256: iterations=86,000
But those are just guidelines; you have to scale the hashing work to
what's available and reasonable on your servers or devices. For
example, we had a minor denial of service bug in Discourse where we
allowed people to enter up to 20,000 character passwords in the login
form, and calculating the hash on that took, uh … several seconds.
post 还涵盖了对于任何给定的哈希算法尝试破解密码的速度(每秒尝试次数)
- NTLM = 350,000,000,000
- MD5 = 180,000,000,000
- SHA1 = 63,000,000,000
- SHA512Crypt = 364,000
- bCrypt = 71,000
显然,每秒可执行的尝试次数越少,破解哈希所需的时间就越多。
考虑到这一点,请重新考虑您为应用程序选择的哈希算法,并使其对密码使用合理的哈希算法
如何在 codeigniter 上加密我的密码。这是我的代码
$password = $this->security->xss_clean($this->input->post('password'));
如何制作md5?
为了满足您的具体需求,以下代码将起作用:
$password = md5($this->security->xss_clean($this->input->post('password')));
但是,正如评论中所述,md5 是存储密码的非常糟糕的选择,应不惜一切代价避免使用。您还应该避免使用 sha1 和任何其他可以快速散列的东西。有关详细信息,请查看 Jeff Atwood 的博客 post、your password is too damn short。具体如下部分:
And for developers:
Pick your new password hash algorithms carefully, and move all your old password hashing systems to much harder to calculate hashes. You need hashes that are specifically designed to be hard to calculate on GPUs, like scrypt.
Even if you pick the "right" hash, you may be vulnerable if your work factor isn't high enough. Matsano recommends the following:
scrypt: N=2^14, r=8, p=1
bcrypt: cost=11
PBKDF2 with SHA256: iterations=86,000
But those are just guidelines; you have to scale the hashing work to what's available and reasonable on your servers or devices. For example, we had a minor denial of service bug in Discourse where we allowed people to enter up to 20,000 character passwords in the login form, and calculating the hash on that took, uh … several seconds.
post 还涵盖了对于任何给定的哈希算法尝试破解密码的速度(每秒尝试次数)
- NTLM = 350,000,000,000
- MD5 = 180,000,000,000
- SHA1 = 63,000,000,000
- SHA512Crypt = 364,000
- bCrypt = 71,000
显然,每秒可执行的尝试次数越少,破解哈希所需的时间就越多。
考虑到这一点,请重新考虑您为应用程序选择的哈希算法,并使其对密码使用合理的哈希算法