我已经问了十几次这个问题.

密码盐真的有必要吗？

我找不到关于这个主题的任何好文献.

从安全角度来看,密码盐有帮助吗？
如果数据库被破坏,如果密码是反正的话,盐是不是会丢失？

此外,从刷力的角度来看,如果我禁止IP,是否真的有理由储存盐？

解决方法:

是的,你应该总是使用盐.幸运的是,PHP非常聪明.从this article开始：

If you use the default options for the 07001 function PHP will generate a random salt for each password as it is hashed. The random salt is an additional layer of security which makes it exceptionally hard to crack any passwords. Even if two or more users use the same password each of their hashes will be different.

这使您远离必须生成盐并将繁重的工作留给PHP.验证部分password_verify()使用放置在散列中的随机盐来测试给定的密码.

来自password_verify()的文档：

Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that’s needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.