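Encrypting user passwords before storing them in the database

1. sha1 -- calculates the sha1 hash of a string

Return value

Returns the sha1 hash as a string. By default, the return value is a 40-character hexadecimal number.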

<?php
$str = 'apple';

if (sha1($str) === 'd0be2dc421be4fcd0172e5afceea3970e2f3d940') {
    echo "Would you like a green or red apple?";
}
?>

2. md5 -- calculates the MD5 hash of a string

Return value

Returns the hash as a 32-character hexadecimal number.

Salting:

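<?php
// PHP already has a built-in hash() function, so this helper needs its own name.
function salted_md5($a) {
    $salt = "Random_KUGBJVY";  // define a salt value: a random string fixed by the programmer
    $b = $a . $salt;           // concatenate the password and the salt
    $b = md5($b);              // compute the MD5 hash
    return $b;                 // return the hash
}
?>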

 

 

sha1(md5($pass))

The suggestion to double-hash your password is not a good idea.  You are much much better off adding a variable salt to passwords before hashing (such as the username or other field that is dissimilar for every account).

Double hashing is *worse* security than a regular hash.  What you're actually doing is taking some input $passwd, converting it to a string of exactly 32 characters containing only the characters [0-9][A-F], and then hashing *that*. You have just *greatly* increased the odds of a hash collision (i.e. the odds that I can guess a phrase that will hash to the same value as your password).

sha1(md5($pass))  makes even less sense, since you're feeding in 128-bits of information to generate a 256-bit hash, so 50% of the resulting data is redundant.  You have not increased security at all.
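
The difference between the fixed salt in the function above and the variable salt the comment recommends, as an added example that is not part of the original page. The helper names, the sample accounts, the choice of SHA-256 and the use of PHP's built-in password_hash()/password_verify() are assumptions of this example.

```php
<?php
// Added example; helper names and sample accounts are constructed for illustration.

// The page's scheme: one salt shared by every account.
function fixed_salt_md5(string $password): string
{
    return md5($password . 'Random_KUGBJVY');
}

// Variable salt: a fresh random salt per account, stored beside the hash.
// SHA-256 is this example's choice, not something the page specifies.
function per_account_hash(string $password, ?string $salt = null): array
{
    $salt = $salt ?? bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $password)];
}

function per_account_verify(string $password, array $row): bool
{
    $candidate = per_account_hash($password, $row['salt'])['hash'];
    return hash_equals($row['hash'], $candidate); // constant-time comparison
}

// Constructed sample: two accounts that happen to pick the same password.
$users = ['alice' => 'apple', 'bob' => 'apple'];

$fixed   = array_map('fixed_salt_md5', $users);
$salted  = array_map('per_account_hash', $users);
// password_hash() generates its own random salt and embeds it in its output.
$builtin = array_map(fn($p) => password_hash($p, PASSWORD_DEFAULT), $users);

// Compare the two accounts' stored values under each scheme.
printf("fixed salt, same hash for both:   %s\n",
    var_export($fixed['alice'] === $fixed['bob'], true));
printf("per-account salt, same hash:      %s\n",
    var_export($salted['alice']['hash'] === $salted['bob']['hash'], true));
printf("password_hash(), same hash:       %s\n",
    var_export($builtin['alice'] === $builtin['bob'], true));

// Verification still works because the salt is stored with each record.
printf("per-account verify (right/wrong): %s/%s\n",
    var_export(per_account_verify('apple', $salted['alice']), true),
    var_export(per_account_verify('pear', $salted['alice']), true));
printf("password_verify (right/wrong):    %s/%s\n",
    var_export(password_verify('apple', $builtin['bob']), true),
    var_export(password_verify('pear', $builtin['bob']), true));
```

Run it with the PHP CLI (7.4 or later); only the fixed-salt scheme stores identical values for the two accounts, which is what lets one cracked hash expose every account sharing that password.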
