laravel 密码盐存储在哪里?
Laravel 使用 bcrypt
对密码进行哈希处理.
Laravel uses bcrypt
to hash passwords.
根据这篇文章,在过程中的某个时刻,Hash::make
函数创建并使用一个 22 长度的随机字符串作为盐来生成密码.
According to this article, at some point in the process, the Hash::make
function creates and uses a 22-length random string as a salt to generate the password.
对于单个不同的密码,Hash::make
确实返回唯一的哈希值,暗示它确实在过程中的某处使用了某种盐渍.
For a single distinct password, Hash::make
does return unique hashes, hinting that it does use some kind of salting somewhere in the process.
但是这些盐没有存储在用户表中,我期望它们.laravel 如何知道用于验证密码的适当哈希值?
But these salts are not stored in the users table, where I would expect them. How does laravel know the appropriate hash to use to verify the password?
Laravel 哈希解释
推荐答案
您链接的文章似乎包含答案.https://mnshankar.wordpress.com/2014/03/29/laravel-hash-make-explained/
The article that you linked seems to contain the answer. https://mnshankar.wordpress.com/2014/03/29/laravel-hash-make-explained/
这样做的聪明之处在于算法、盐和成本是嵌入到哈希中,因此可以很容易地解析成用于重建/验证的单个组件(请参阅php crypt 源代码的相关部分位于https://github.com/php/php-src/blob/master/ext/standard/crypt.c#L258).因此,您无需将盐/成本单独存储在数据库表.
The cleverness of this is that the algorithm, salt and cost are embedded into the hash and so can be easily parsed out into individual components for reconstruction/verification (Please see relevant sections of the php crypt source code at https://github.com/php/php-src/blob/master/ext/standard/crypt.c#L258). Because of this, you don’t need to store the salt/cost separately in a database table.
相关文章