Why not use AES for password encryption in PHP?

孤独总比滥情好 2021-01-01 16:09

Everywhere I have seen people talking about storing passwords in a database, they have almost always used MD5.

What is wrong with AES, or SHA1?

6 Answers
  •  南笙 (original poster)
    2021-01-01 16:38

    The use of AES as a symmetric cipher for passwords would be a violation of CWE-257 and therefore a vulnerability. It is possible to use a symmetric cipher as a hash function. Old Unix passwords use DES as a hash function and newer Unix systems use Blowfish as a hash function. But even though it's a block cipher, it's being used as a one-way function, which is a requirement for any password storage system.

    For PHP you should use sha256.
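
Added example, not part of the original answer: recoverable versus one-way password storage in PHP, the distinction behind the CWE-257 point above. It assumes PHP 7.1+ with the OpenSSL extension; the sample password, the key handling and the helper `recover_password` are constructed for illustration, and bcrypt (the Blowfish-based scheme, via `password_hash`) is the one-way function chosen here.

```php
<?php
// Added illustration; the password and key below are constructed sample values.
$password = 'correct horse battery staple';

// 1) Recoverable storage (the CWE-257 pattern): AES-256-GCM under a server key.
//    The application must keep $key available to check logins, so whoever
//    obtains the key together with the database gets every plaintext back.
$key = random_bytes(32);
$iv  = random_bytes(12);
$tag = '';
$ct  = openssl_encrypt($password, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
$storedEncrypted = base64_encode($iv . $tag . $ct);

// Hypothetical helper: reverses the stored value using nothing but the key.
function recover_password(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new InvalidArgumentException('malformed stored value');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('authentication tag mismatch');
    }
    return $plain;
}
echo 'AES column reversed: ', recover_password($storedEncrypted, $key), PHP_EOL;

// 2) One-way storage: bcrypt via password_hash(). A random salt and the cost
//    are embedded in the output, and no key exists that turns it back into
//    the password. Login checks recompute and compare instead.
//    Note: bcrypt only uses the first 72 bytes of the input.
$storedHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
echo 'Stored hash: ', $storedHash, PHP_EOL;
echo 'Right password: ', var_export(password_verify($password, $storedHash), true), PHP_EOL;
echo 'Wrong password: ', var_export(password_verify('wrong guess', $storedHash), true), PHP_EOL;

// Raise the cost later without a reset: rehash at the next successful login.
if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => 13])) {
    $storedHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 13]);
}
echo 'Upgraded hash: ', $storedHash, PHP_EOL;
```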
