如何存储密码盐 [英] how to store password salt

问题描述

我已经看到了各种如何正确设置密码盐的方法.基本前提是，在对每个密码进行散列和存储之前，将随机字符串附加到每个密码上.我可以将盐和密码存储在同一张表中吗?另外，只要每个条目都使用不同的盐，则盐是否以纯文本格式存储是否重要?

I've seen various methods on how to properly salt a password. The basic premise is that you attach a random string to each password before it is hashed and stored. Can I store the salt in the same table as the password? Also, does it matter if the salt is stored as plain text, as long as each entry has a different salt?

推荐答案

是.盐背后的想法不是盐是秘密的，而是使不同用户使用相同的密码进行不同的哈希处理.这样就增加了用于破解所需的彩虹表的大小，或强制针对每个密码分别进行字典(或其他)攻击.

Yes. The idea behind a salt is not that the salt be secret, but that it causes the same password for different users to be hashed differently. This raises the size of needed rainbow tables for cracking, or forces a dictionary (or other) attack to be ran against every password separately.

这篇关于如何存储密码盐的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！