从未加盐到加盐的MD5密码 [英] Going from unsalted to salted MD5 passwords
问题描述
我有一个LAMP(PHP)网站,该网站正变得越来越流行.
I have a LAMP (PHP) website which is becoming popular.
我通过将用户密码存储为md5散列来确保安全.
I played it safe by storing the user passwords as md5 hashes.
但是我现在看到那是不安全的;我应该给md5哈希加盐-因为当前可以使用彩虹表解码未加盐的md5哈希.
But I now see that's not secure; I should have salted the md5 hash - because it's currently possible to decode unsalted md5 hashes using rainbow tables.
我该怎么办?
我不想让每个人都输入新密码.
I don't want to make everyone type a new password.
推荐答案
您可以执行两步哈希",而不是一步就创建哈希.
You can do a "2 step hashing" instead of creating a hash in a single step.
您可以将每个密码哈希附加到用户名,然后再次对其进行哈希.这将创建一个不可解密的散列,其中散布着独特的信息.
You could append each password hash to the username, and then hash it again. This will create an undecryptable hash thats salted with unique informations.
通常的腌制过程是
盐+ PWD->哈希
您可以执行以下操作: PWD->哈希-> UserID +哈希->哈希
You could do something like: PWD -> Hash -> UserID+Hash -> Hash
(请注意,仅选择了UserID,因此每个双哈希值都存在唯一的盐...请随意使盐变得更复杂)
(Note the UserID was only picked so a unique salt for each double hash exists... Feel free to make your salt more complex)
这篇关于从未加盐到加盐的MD5密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!