Length of return from php libsodium sodium_crypto_pwhash_str()
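How long is the string returned by sodium_crypto_pwhash_str() in PHP? Does it vary with the plaintext? With the options $opslimit and $memlimit? Basically, I want to know how long a database field to allow for it.
I have run some rough timing tests on sodium_crypto_pwhash_str(). In the code below, tests 1, 2 and 3 have passwords of 4, 40 and 400 characters respectively. This made no difference to the time or the hash length. Tests i, m and s use SODIUM_CRYPTO_PWHASH_*_INTERACTIVE, SODIUM_CRYPTO_PWHASH_*_MODERATE and SODIUM_CRYPTO_PWHASH_*_SENSITIVE. This resulted in hashes of 97, 98 and 99 characters respectively. The *_SENSITIVE tests took about 6 times as long as the *_MODERATE tests, which in turn took about 6 times as long as the *_INTERACTIVE tests.
Here is my test code.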
$pass1 = bin2hex(openssl_random_pseudo_bytes(2));
$pass2 = bin2hex(openssl_random_pseudo_bytes(20));
$pass3 = bin2hex(openssl_random_pseudo_bytes(200));

$t = microtime(true);
$test1i = strlen(sodium_crypto_pwhash_str(
    $pass1,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE));
$time1i = microtime(true) - $t;
$t = microtime(true);
$test1m = strlen(sodium_crypto_pwhash_str(
    $pass1,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE));
$time1m = microtime(true) - $t;
$t = microtime(true);
$test1s = strlen(sodium_crypto_pwhash_str(
    $pass1,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE));
$time1s = microtime(true) - $t;

$t = microtime(true);
$test2i = strlen(sodium_crypto_pwhash_str(
    $pass2,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE));
$time2i = microtime(true) - $t;
$t = microtime(true);
$test2m = strlen(sodium_crypto_pwhash_str(
    $pass2,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE));
$time2m = microtime(true) - $t;
$t = microtime(true);
$test2s = strlen(sodium_crypto_pwhash_str(
    $pass2,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE));
$time2s = microtime(true) - $t;

$t = microtime(true);
$test3i = strlen(sodium_crypto_pwhash_str(
    $pass3,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE));
$time3i = microtime(true) - $t;
$t = microtime(true);
$test3m = strlen(sodium_crypto_pwhash_str(
    $pass3,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE));
$time3m = microtime(true) - $t;
$t = microtime(true);
$test3s = strlen(sodium_crypto_pwhash_str(
    $pass3,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE));
$time3s = microtime(true) - $t;

$len1 = strlen($pass1);
$len2 = strlen($pass2);
$len3 = strlen($pass3);
$pLen1 = str_repeat(' ', 3 - strlen($len1)) . $len1;
$pLen2 = str_repeat(' ', 3 - strlen($len2)) . $len2;
$pLen3 = str_repeat(' ', 3 - strlen($len3)) . $len3;

printf("Pass length: %3s" .
    '; I: %2d chars (%4.2f secs)' .
    '; M: %2d chars (%4.2f secs)' .
    '; S: %2d chars (%4.2f secs)' . PHP_EOL,
    $len1, $test1i, $time1i, $test1m, $time1m, $test1s, $time1s);
printf("Pass length: %3s" .
    '; I: %2d chars (%4.2f secs)' .
    '; M: %2d chars (%4.2f secs)' .
    '; S: %2d chars (%4.2f secs)' . PHP_EOL,
    $len2, $test2i, $time2i, $test2m, $time2m, $test2s, $time2s);
printf("Pass length: %3s" .
    '; I: %2d chars (%4.2f secs)' .
    '; M: %2d chars (%4.2f secs)' .
    '; S: %2d chars (%4.2f secs)' . PHP_EOL,
    $len3, $test3i, $time3i, $test3m, $time3m, $test3s, $time3s);
One run gave me the following results:
Pass length: 4; I: 97 chars (0.06 secs); M: 98 chars (0.37 secs); S: 99 chars (2.24 secs)
Pass length: 40; I: 97 chars (0.06 secs); M: 98 chars (0.36 secs); S: 99 chars (2.22 secs)
Pass length: 400; I: 97 chars (0.06 secs); M: 98 chars (0.36 secs); S: 99 chars (2.18 secs)
However, I'm still not too happy with coding empirically. :-(
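The maximum length of a hashed password is crypto_pwhash_STRBYTES, which is 128 bytes.
This constant is not exposed in the PHP bindings yet, but I will add it soon.
Update: it has been added to the PECL extension.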
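Added example, not part of the original question or answer: the 97/98/99 lengths measured above follow from the layout of the encoded string, which is why the password length has no effect. It assumes the Argon2id layout `$argon2id$v=19$m=<KiB>,t=<ops>,p=1$<salt>$<tag>` with a 32-byte tag and unpadded Base64; `unpadded_b64_len()` and `predicted_pwhash_str_len()` are hypothetical helpers, and the password is a constructed sample.

```php
<?php
declare(strict_types=1);

// Length of n bytes encoded as Base64 without "=" padding.
function unpadded_b64_len(int $bytes): int
{
    return intdiv(4 * $bytes + 2, 3);
}

// Hypothetical helper (not a libsodium API): predicts strlen() of the
// encoded hash from the cost parameters alone. Assumed layout:
//   <prefix>v=19$m=<memlimit in KiB>,t=<opslimit>,p=1$<salt>$<tag>
function predicted_pwhash_str_len(int $opslimit, int $memlimit): int
{
    $params = sprintf('m=%d,t=%d,p=1', intdiv($memlimit, 1024), $opslimit);

    return strlen(SODIUM_CRYPTO_PWHASH_STRPREFIX)               // e.g. "$argon2id$"
        + strlen('v=19$')
        + strlen($params) + 1                                   // parameters + "$"
        + unpadded_b64_len(SODIUM_CRYPTO_PWHASH_SALTBYTES) + 1  // salt + "$"
        + unpadded_b64_len(32);                                 // 32-byte tag (assumed)
}

$levels = [
    'INTERACTIVE' => [SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE],
    'MODERATE'    => [SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE],
    'SENSITIVE'   => [SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE],
];

// Only the decimal digits of m and t change between levels, so the
// length can be predicted without running the expensive hashes.
foreach ($levels as $name => [$ops, $mem]) {
    $len = predicted_pwhash_str_len($ops, $mem);
    printf("%-11s predicted %d chars; within SODIUM_CRYPTO_PWHASH_STRBYTES (%d): %s\n",
        $name, $len, SODIUM_CRYPTO_PWHASH_STRBYTES,
        $len <= SODIUM_CRYPTO_PWHASH_STRBYTES ? 'yes' : 'no');
}

// Cross-check the prediction against a real hash at the cheapest level.
[$ops, $mem] = $levels['INTERACTIVE'];
$hash = sodium_crypto_pwhash_str('constructed-sample-password', $ops, $mem);
printf("INTERACTIVE actual %d chars; prediction matches: %s\n",
    strlen($hash),
    strlen($hash) === predicted_pwhash_str_len($ops, $mem) ? 'yes' : 'no');
```

Sizing the column from `SODIUM_CRYPTO_PWHASH_STRBYTES` rather than from a measured length keeps the schema valid if the cost parameters are raised later.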