I have two Docker containers, one with PHP 8.2.3 and the other with PHP 7.4.30.
Also, I have a database containing existing password hashes (originally created by the Yii2 framework, in an unknown environment, using password_hash).
I created test.php, where I output two things:
var_dump(password_get_info('$2a$07$6c2eb62b00df224f3d20$.qzdiDRZejMnGytXWsA7Jid7RpWazDc6'));
and
var_dump(password_verify('password', '$2a$07$6c2eb62b00df224f3d20$.qzdiDRZejMnGytXWsA7Jid7RpWazDc6'));
In PHP 7.4 the results are:
array(3) {
["algo"]=>
NULL
["algoName"]=>
string(7) "unknown"
["options"]=>
array(0) {
}
}
and
bool(true)
While in PHP 8.2:
array(3) {
["algo"]=>
NULL
["algoName"]=>
string(7) "unknown"
["options"]=>
array(0) {
}
}
and
bool(false)
I know that different hashing algorithms might have been used. But the hashing algorithm should be specified (and thus identified) in the hash itself.
Also, neither engine knows the algorithm. Yet PHP 7.4 is able to verify the password.
Why does this happen?
From the documentation:
Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or
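
The hash layout the quoted documentation refers to, as an added example that is not part of the original post: a structural check of a bcrypt string (prefix, two-digit cost, 22-character salt, 31-character digest, both fields over the alphabet ./A-Za-z0-9), run on the hash from the post and on a constructed well-formed string. The helper name inspect_bcrypt() and the second sample are assumptions made for illustration.

```php
<?php
// Added example, not from the original post: structural check of a
// crypt-style bcrypt string before it is handed to password_verify().
// Layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest> = 60 chars.
const BCRYPT_ALPHABET = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// inspect_bcrypt() is a hypothetical helper name.
function inspect_bcrypt(string $hash): array
{
    if (!preg_match('/^\$(2[abxy])\$(\d{2})\$(.*)$/s', $hash, $m)) {
        return ['valid' => false, 'problems' => ['no $2a$/$2b$/$2x$/$2y$ prefix with 2-digit cost']];
    }
    [, $variant, $cost, $rest] = $m;
    $problems = [];
    if (strlen($hash) !== 60) {
        $problems[] = 'length is ' . strlen($hash) . ', expected 60';
    }
    if ((int) $cost < 4 || (int) $cost > 31) {
        $problems[] = "cost $cost is outside 04..31";
    }
    // Split the part after the cost into its two fixed-width fields.
    $fields = ['salt' => (string) substr($rest, 0, 22), 'digest' => (string) substr($rest, 22)];
    foreach ($fields as $name => $field) {
        // strspn() gives the length of the leading run of valid characters,
        // which is also the offset of the first invalid one.
        $ok = strspn($field, BCRYPT_ALPHABET);
        if ($ok < strlen($field)) {
            $problems[] = sprintf("%s has '%s' at offset %d, outside ./A-Za-z0-9", $name, $field[$ok], $ok);
        }
    }
    return ['valid' => $problems === [], 'variant' => $variant, 'cost' => (int) $cost, 'problems' => $problems];
}

$samples = [
    'hash from the post' => '$2a$07$6c2eb62b00df224f3d20$.qzdiDRZejMnGytXWsA7Jid7RpWazDc6',
    // Constructed string with a well-formed layout; not the hash of any password.
    'constructed, well-formed layout' => '$2y$07$' . str_repeat('A', 22) . str_repeat('b', 31),
];
foreach ($samples as $label => $hash) {
    $result = inspect_bcrypt($hash);
    echo $label, ': ', $result['valid'] ? 'well-formed' : 'malformed', PHP_EOL;
    foreach ($result['problems'] as $problem) {
        echo '  - ', $problem, PHP_EOL;
    }
}
```

For the hash from the post, the check flags a $ at offset 20 of the salt field, a character that is not in the bcrypt alphabet.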