问题
http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash
I'm storing user passwords in a MySQL database in hash form. Does this mean that it is unsafe to do so? If it is, what are my alternatives?
回答1:
The next question in the FAQ you linked to discusses it: How should I hash my passwords, if the common hash functions are not suitable?
From the FAQ:
The suggested algorithm to use when hashing passwords is Blowfish, as it is significantly more computationally expensive than MD5 or SHA1, while still being scalable.
The question following that is about salt.
回答2:
Has been answered many times before. You can use something like SHA-256 http://php.net/manual/en/function.hash.php but you should also salt the password before hashing it and you can iteratively hash the password - so in the unlikely event it is cracked it will only reveal another hash (in other words, cracking the password takes much longer).
回答3:
As the page you linked to recommends, use the PHP crypt() function with the Blowfish algorithm. Also, use a varying salt for each call to crypt(). You can store the salt values in the same database table as the password, so that it can be used when you compare the passwords later.
To call crypt() with the Blowfish algorithm, use a salt that begins with $2a$, followed by a number (the "cost parameter") between 04 and 31, followed by a $, and then 22 digits from the alphabet ./0-9A-Za-z.
The PHP: crypt manual contains more details on how to use crypt()
回答4:
Read the next section of the link: How should I hash my passwords, if the common hash functions are not suitable?
回答5:
For a concrete example of why using plain, unsalted MD5 for password hashing is a bad idea, try entering the MD5 hashes of some reasonably common passwords into a site like md5decrypter.co.uk or md5hashcracker.appspot.com or md5this.com. Or just into Google, which indexes most of those sites (and many others too).
来源:https://stackoverflow.com/questions/8110196/php-net-says-that-md5-and-sha1-unsuitable-for-password