编程语言
首页 > 编程语言> > PHP crypt()在5.6.4版本中返回* 0失败字符串,但不是5.4,

PHP crypt()在5.6.4版本中返回* 0失败字符串,但不是5.4,

作者:互联网

echo crypt(‘test’,“$2a $07 $”);在PHP版本5.4.16中生成一个长哈希,但它在5.6.4中生成“失败字符串”* 0.

读取crypt()上的PHP文档,我仍然不太清楚为什么,尽管Changelog提到* 1被返回而不是* 0,具体取决于具体情况. (http://php.net/manual/en/function.crypt.php)

在这种情况下返回* 0的原因是什么? PHP过去5.4是否已经停止了$2a $07 $形式的坏盐?

解决方法:

Blowfish定义说你必须在第三个$之后定义一个字符串.

<?php
echo crypt('test',  "$2a$07$mystring");
?>

Blowfish hashing with a salt as follows: “$2a$”, “$2x$” or “$2y$”, a two digit cost parameter, “$”, and 22 characters from the alphabet “./0-9A-Za-z”

如果不定义该字符串,则会收到错误* 0.

5.6.5 When the failure string “*0” is given as the salt, “*1” will now be returned for consistency with other crypt implementations. Prior to this version, PHP 5.6 would incorrectly return a DES hash.

标签:php,php-5-4,php-5-6,crypt
来源: https://codeday.me/bug/20190612/1223605.html