且构网

What is the best practice for encrypting passwords stored in MySQL using PHP?

Updated: 2023-11-28 14:44:10

Use bcrypt. If someone has the user table of your database, then they can use brute force/rainbow tables/etc to their heart's content. Even with salt, if you're using MD5 or some other fast-hashing algorithm (which aren't designed to solve this problem, by the way), it's just a matter of time before it can be cracked.

Any well-known and widely-supported hashing algorithm is going to have this same basic "flaw" (if you can call it that; it's really by definition). The difference is that bcrypt is slow as molasses when performing the hashing operation, rendering a brute force attack much less effective.

For an absolutely great discussion on the merits of bcrypt, the dangers of other approaches, and the difficulty of password security in general, read this thread. It has lots of comments by many people that are much more knowledgeable about this sort of thing than I am, and it should hopefully help you understand more of the issues at stake.
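As an added example (not part of the original answer), here is how the advice above looks in PHP's built-in `password_*` API: bcrypt hashing with an explicit work factor, verification that upgrades the stored hash when the cost policy rises, and a timing comparison against salted MD5 to show why the slow hash matters. The cost of 12 and the sample password are assumptions; it requires PHP 7.4 or later.

```php
<?php
// Added example, not from the original answer: bcrypt password storage in PHP.
// Cost 12 is an assumed value; tune it so one hash takes roughly 100-300 ms on
// your login servers, and raise it over time as hardware gets faster.
declare(strict_types=1);

const BCRYPT_OPTIONS = ['cost' => 12];

// On registration: store only the returned hash. It embeds the algorithm ("$2y$"),
// the cost and a random salt, so no separate salt column is needed.
function hashPassword(string $password): string
{
    // bcrypt only looks at the first 72 bytes; reject longer input rather than
    // silently truncating it.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('password longer than 72 bytes');
    }
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// On login: verify, and if the stored hash was made with a lower cost than the
// current policy, return a fresh hash so the caller can update the user row.
function checkPassword(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        : null;
    return ['ok' => true, 'newHash' => $newHash];
}

// Wall-clock time of one call, in milliseconds.
function timeMs(callable $fn): float
{
    $start = hrtime(true);
    $fn();
    return (hrtime(true) - $start) / 1e6;
}

$password = 'correct horse battery staple'; // constructed sample password
$hash = hashPassword($password);
printf("stored hash: %s\n", $hash);
printf("login ok: %s\n", checkPassword($password, $hash)['ok'] ? 'yes' : 'no');

// A hash made under an older, weaker policy is still accepted, but a replacement
// hash at the current cost is returned for the caller to store.
$oldHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
printf("needs upgrade: %s\n", checkPassword($password, $oldHash)['newHash'] !== null ? 'yes' : 'no');

printf("salted md5: %.3f ms\n", timeMs(fn() => md5('salt' . $password)));
printf("bcrypt:     %.3f ms\n", timeMs(fn() => hashPassword($password)));
```

The last two lines make the answer's point concrete: the MD5 call finishes in microseconds, while one bcrypt hash takes on the order of hundreds of milliseconds, which is the per-guess cost an attacker with a stolen table has to pay.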