在encripted字符串前面的$ xx $符号是什么意思?
I've noticed that lots of PHP software, such as Joomla! or Wordpress prepend "$xx$." symbols to their hashed strings. This happens, for example, when storing user passwords in databases.
What's the reason for this?
我注意到很多PHP软件,比如Joomla! 或Wordpress前置“$ xx $。” 符号到它们的散列字符串。 例如,当在数据库中存储用户密码时会发生这种情况。
这是什么原因? p>
div>
The $xx$ denotes what hashing algorithm is used. One reason why it is useful that this is part of the resulting string, is that it allows you to have multiple types of hashes in the database without things breaking because you don't know what hashing algorithm was used. It also gives you an upgrade-path, to increase security of your passwords.
If you use crypt, you just use crypt($password, $hash) == $hash and crypt figures out from the hash you provide which algorithm to use. It can also extract the salt, and other options (depending on the algorithm).
For example for sha256, you get something like "$5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6" (from http://php.net/manual/en/function.crypt.php ). The "5" denotes the hashing algorithm, the "rounds=5000" is an option the hashing algorithm uses, and "usesomesillystringforsalt" is a salt, which insures that hashes of the same password looks different for different people, and making it harder to brute-force attack the hash. The "KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6" is the actual hashed password.