问题
In my php application I use the php crypt() function where my salt value is the first two characters from the username. I noticed that the function returns a different result on windows and linux. I also read on w3cschools that this function behaves different on different operating systems. It is possible to configure the php environment in order to obtain the same result on both operating systems? (Modifying the encryption mode is not an option.)
回答1:
crypt() uses whatever underlying hash function the OS uses, so if you want reliable (constant) results you could use one of the other hash functions like md5() or sha256(),sha512().
If you want a particular hashing function to be used by crypt() you have to specify the hash parameter accordingly and check if the algorithm is supported on the host OS. For example (taken from PHP Manual page of crypt()):
if (CRYPT_STD_DES == 1) {
echo 'Standard DES: ' . crypt('rasmuslerdorf', 'rl') . "\n";
}
But its very OS dependent, so I recommend you use a standalone hash function. Or hash().
Append:
With hash() you would first use hash_algos() to check which hash is the best hash supported and then use that as the first argument, like this:
<?php
$algos = hash_algos();
if (in_array("sha256", $algos)) {
$pass = hash ("sha256", "userpassword" . "salt");
}
?>
Hope this helps.
回答2:
It's hard to say without seeing the actual code, but this should not be the case assuming that the hash specified is supported by the underlying code. Prior to PHP 5.3, that was the OS code, but from 5.3 onwards, the hash is implemented within PHP.
The information provided by vanneto is a bit misleading. crypt expects the format of the salt to indicate the algorithm used, e.g. if you want blowfish then you'd provide a salt of:
$2a$xx$yyyyyyyyyyyyyyyyyyyyyy
Where xx indicates the number of repetitions and yyyy... is the actual salt in (22) base64 digits. The example provided by vanneto (2 letters) should use a single round of DES.
来源:https://stackoverflow.com/questions/4447913/php-crypt-function-on-different-os