Moving old passwords to new hashing algorithm?


Question

I'm switching a site over to Rails. It's quite a large site with 50k+ users. The problem is, the existing password hashing method is extremely weak. I have two options:

1) Switch to a new algorithm, generate random passwords for everyone and then email them those passwords and require the change immediately after

2) Implement new algorithm but use the old one before and then hash the result. For example:

Password: abcdef =Algorithm 1=> xj31ndn =Algorithm 2=> $21aafadsada214

Any new passwords would need to go through the original algorithm (md5) and then have the result of that hashed if that makes any sense? Is there any disadvantage to this?

Solution

Normally it's not necessary to reset the passwords, one can just wait until the user logs in the next time.

  1. First try to verify the entered password with the new algorithm. New passwords and already converted passwords will not take longer for verification then.
  2. If it does not match, compare it with the old hash algorithm.
  3. Should the old hash value match, then you can calculate and store the new hash, since you know the password then.

Every password-storing-system must have the option to switch to a better hash algorithm, your problem is not a one-time migration problem. Good password hash algorithms like BCrypt have a cost factor, from time to time you have to increase this cost factor (because of faster hardware), then you need the exact same procedure as you need for the migration.

Your option 2 with hashing the old hash is a good thing, if your first algorithm is really weak, and you want to give more protection immediately. In this case you can calculate a double-hash and replace the old hash in the database with the new double-hash.

$newHashToStoreInTheDb = new_hash($oldHashFromDb)

You should also mark this password-hash (see why), so you can recognize it as double-hash. This can be done in a separate database field, or you can include your own signature. Modern password hash functions also include a signature of the algorithm, so that they can upgrade to newer algorithms, and still can verify older hashes. The example shows the signature of a BCrypt hash:

$2y$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
___
 |
 signature of hash-algorithm = 2y = BCrypt

The verification would run like this:

  1. Decide whether it is a double-hash.
  2. If it is a new hash, call the new hash-function to verify the entered password, and you are done.
  3. If it is a double-hash, compare it with the double-hash algorithm new_hash(old_hash($password)).
  4. Should the double-hash value match, then you can calculate and store the new hash.
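
The marked double-hash flow from the answer above, as an added Ruby example that is not part of the original answer. It assumes the legacy scheme is unsalted MD5 hex, uses PBKDF2-HMAC-SHA256 from Ruby's standard library as a stand-in for BCrypt so it runs without gems, and all names, markers and the record layout are hypothetical. It also rehashes when the stored work factor is below the current one, which the answer says needs the same procedure.

```ruby
require "openssl"
require "digest"
require "securerandom"

ITER    = 100_000       # current work factor (assumed value, raise over time)
WRAPPED = "md5-pbkdf2"  # marker: new hash computed over the legacy MD5 hex digest
NATIVE  = "pbkdf2"      # marker: new hash computed over the password itself

# PBKDF2 stands in for BCrypt here; the salt's hex text is used as the salt bytes.
def kdf(secret, salt, iter)
  sha256 = OpenSSL::Digest.new("SHA256")
  OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, iter, 32, sha256).unpack1("H*")
end

# Stored record layout: "<marker>$<iterations>$<salt hex>$<digest hex>".
def make_record(marker, secret, iter = ITER)
  salt = SecureRandom.hex(16)
  [marker, iter, salt, kdf(secret, salt, iter)].join("$")
end

# Bulk step, no password needed: new_hash(old_hash_from_db), tagged as a double hash.
def wrap_legacy(md5_hex)
  make_record(WRAPPED, md5_hex)
end

# Login step. Returns [ok, record_to_store]; record_to_store is nil when the
# stored row is already a native hash at the current work factor.
def verify_and_upgrade(password, stored)
  marker, iter, salt, digest = stored.split("$")
  iter = iter.to_i
  known = [WRAPPED, NATIVE].include?(marker)
  return [false, nil] unless known && digest && iter.positive?
  # A wrapped record always runs the input through the legacy hash first, so the
  # legacy digest itself is never accepted in place of the password.
  secret = marker == WRAPPED ? Digest::MD5.hexdigest(password) : password
  return [false, nil] unless OpenSSL.secure_compare(kdf(secret, salt, iter), digest)
  stale = marker == WRAPPED || iter < ITER
  [true, stale ? make_record(NATIVE, password) : nil]
end
```

When the second return value is not nil, the caller writes it over the user's stored record in the same request, since that is the only moment the plaintext password is available.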
