"algorithm: auto" 的用户密码字段的最大长度?
max length for user password field with "algorithm: auto"?
Symfony 4.3 弃用了 bcrypt 算法,参见 UPGRADE-4.3.md:
Configuring encoders using argon2i or bcrypt as algorithm has been deprecated, use auto instead.
所以我把security.yaml改成了:
encoders:
App\Entity\User:
algorithm: auto
问题是,改成auto后,哈希后的字符串变长了:
'INSERT INTO users (..., password, ...) VALUES (...)' with params
[...,
"$argon2id$v=19$m=65536,t=6,p=1$d2RhZjVuaWJsSnE0TW5haA$ycOn7EHjPOoBTSa6SHDOBWL2AvwfPNjAstlSTEMmPpU",
...]:
SQLSTATE[22001]: String data, right truncated: 1406 Data too long for
column 'password' at row 1
这个字符串有 97 个字符长,而我的密码列是 64 个字符。我没有找到任何关于 "auto" 属性的最大可能长度的文档,是 97 吗?或者可以更多?
正如@Cerad 在评论中所说,auto 模式可能总是会生成 password_hash() built-in PHP 函数支持的密码(取决于平台)。
因此,您可以放心地依赖 the password_hash() documentation:
给出的提示
PASSWORD_DEFAULT - [...] Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
Symfony 4.3 弃用了 bcrypt 算法,参见 UPGRADE-4.3.md:
Configuring encoders using argon2i or bcrypt as algorithm has been deprecated, use auto instead.
所以我把security.yaml改成了:
encoders:
App\Entity\User:
algorithm: auto
问题是,改成auto后,哈希后的字符串变长了:
'INSERT INTO users (..., password, ...) VALUES (...)' with params [..., "$argon2id$v=19$m=65536,t=6,p=1$d2RhZjVuaWJsSnE0TW5haA$ycOn7EHjPOoBTSa6SHDOBWL2AvwfPNjAstlSTEMmPpU", ...]:
SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'password' at row 1
这个字符串有 97 个字符长,而我的密码列是 64 个字符。我没有找到任何关于 "auto" 属性的最大可能长度的文档,是 97 吗?或者可以更多?
正如@Cerad 在评论中所说,auto 模式可能总是会生成 password_hash() built-in PHP 函数支持的密码(取决于平台)。
因此,您可以放心地依赖 the password_hash() documentation:
PASSWORD_DEFAULT - [...] Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).