What is Drupal's default password encryption method?

2021-12-29 00:00:00 php mysql drupal

I am trying to figure out what is the security that Drupal 6/7 uses by default to store passwords. Is it MD5, AES, SHA? I have been unable to find anything.

Recommended answer

Drupal 8 and Drupal 7 use SHA512 by default with a salt. They run the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).

With Drupal 8, the implementation is object oriented. There is a PasswordInterface which defines a hash method. The default implementation of that interface is in the PhpassHashedPassword class. That class' hash method calls the crypt method passing in SHA512 as the hashing algorithm, a password, and a generated salt. The class' crypt method is nearly the same as Drupal 7's _password_crypt() method.

With Drupal 7, the implementation is split into a couple global functions: user_hash_password() and _password_crypt().

Drupal 6 uses MD5 without a salt. The relevant function is user_save().
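
The difference between the two storage schemes described in the answer, as an added Python sketch for auditing a user table (not Drupal's code and not part of the original answer). The `$S$` prefix, the cost character, the 8-character salt, the 55-character length and the phpass-style alphabet are assumptions about the stored format that the page does not state; all function names are hypothetical.

```python
import hashlib
import hmac
import re

# phpass-style alphabet (assumption: not stated on the page).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def b64_phpass(data: bytes) -> str:
    """Encode 3 bytes (little-endian) as 4 characters, without padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # n bytes give n + 1 characters
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def stretch_sha512(password: str, setting: str) -> str:
    """Salted, stretched SHA-512. Assumed layout: '$S$', cost char, 8-char salt."""
    if not re.match(r"\$S\$[./0-9A-Za-z]{9}", setting):
        raise ValueError("unsupported setting")
    setting = setting[:12]
    log2 = ITOA64.index(setting[3])
    if not 7 <= log2 <= 30:
        raise ValueError("iteration count out of range")
    salt, pw = setting[4:].encode(), password.encode()
    digest = hashlib.sha512(salt + pw).digest()
    for _ in range(1 << log2):  # stretching: re-hash 2**log2 times
        digest = hashlib.sha512(digest + pw).digest()
    return (setting + b64_phpass(digest))[:55]

def classify(stored: str) -> dict:
    """Describe a stored hash so unsalted MD5 rows stand out in an audit."""
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return {"scheme": "md5-unsalted", "iterations": 1}
    if re.fullmatch(r"\$S\$[./0-9A-Za-z]{52}", stored):
        return {"scheme": "sha512-stretched",
                "iterations": 1 << ITOA64.index(stored[3])}
    return {"scheme": "unknown", "iterations": None}

def verify(password: str, stored: str) -> bool:
    scheme = classify(stored)["scheme"]
    if scheme == "md5-unsalted":
        candidate = hashlib.md5(password.encode()).hexdigest()
    elif scheme == "sha512-stretched":
        candidate = stretch_sha512(password, stored)
    else:
        return False
    return hmac.compare_digest(candidate, stored)  # constant-time compare
```

Rows that `classify` reports as `md5-unsalted` are the ones to prioritise for rehashing, since identical passwords produce identical stored values and each guess costs a single hash.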
