问题
Example security code:
a35sfj9ksdf
How can I ask a user for several characters (e.g. first, forth and ninth) of their security code and then check these? The main difficulty comes in how do I store the seucurity code in an encrypted form - if I were to store each character individually, then the encryption would be incredibly easy to break.
回答1:
A possibility that was described neither here nor at How to store and verify digits chosen at random from a PIN/Password is this:
- Create a random salt of the same length as the seucrity code (here 11)
- Store the salt with the user
- for every char of the security code, replace the corresponding char of the salt with the char from the security code and hash it securely
- store these hashes with the user
Now you have to store the manageable quantity of n+1 fields for a security code of length n and can still verify single (position,char) tuples
回答2:
What about using substr()?
substr("a35sfj9ksdf", 0, 1);
That would return 'a', the first character
substr("a35sfj9ksdf", 4, 1);
This would return 4, the 5th character
So something like please enter the $n character and use
substr("a35sfj9ksdf", $n-1, 1);
回答3:
you can follow those steps,
store all your desired characters in an array
generate n (length of user code) number of random numbers where each number will represent a character of your array.
Then concat the new generated characters to make a string
Store the string using session and when ask from the user just match the user code with session
you can also make a simple captcha service using the similar way
来源:https://stackoverflow.com/questions/8770954/require-different-characters-in-a-security-code