来自 password_hash() 函数:
PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
这是否意味着每当 PASSWORD_DEFAULT 更改时,我将无法使用新的 php 版本,否则 password_verify() 将无法正确检查旧用户密码?
最佳答案
不,password_verify() 将识别所使用的算法,因为它嵌入在您要验证的散列中:散列的第一部分(例如 $2y$
)表示
关于php - password_hash() PASSWORD_DEFAULT PHP 5.5,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28033298/