从未加盐到加盐的MD5密码 [英] Going from unsalted to salted MD5 passwords

问题描述

我有一个LAMP(PHP)网站，该网站正变得越来越流行.

I have a LAMP (PHP) website which is becoming popular.

我通过将用户密码存储为md5散列来确保安全.

I played it safe by storing the user passwords as md5 hashes.

但是我现在看到那是不安全的；我应该给md5哈希加盐-因为当前可以使用彩虹表解码未加盐的md5哈希.

But I now see that's not secure; I should have salted the md5 hash - because it's currently possible to decode unsalted md5 hashes using rainbow tables.

我该怎么办?

我不想让每个人都输入新密码.

I don't want to make everyone type a new password.

推荐答案

您可以执行两步哈希"，而不是一步就创建哈希.

You can do a "2 step hashing" instead of creating a hash in a single step.

您可以将每个密码哈希附加到用户名，然后再次对其进行哈希.这将创建一个不可解密的散列，其中散布着独特的信息.

You could append each password hash to the username, and then hash it again. This will create an undecryptable hash thats salted with unique informations.

通常的腌制过程是

盐+ PWD->哈希

您可以执行以下操作: PWD->哈希-> UserID +哈希->哈希

You could do something like: PWD -> Hash -> UserID+Hash -> Hash

(请注意，仅选择了UserID，因此每个双哈希值都存在唯一的盐...请随意使盐变得更复杂)

(Note the UserID was only picked so a unique salt for each double hash exists... Feel free to make your salt more complex)

这篇关于从未加盐到加盐的MD5密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！