如何将Argon2算法与password_hash一起使用? [英] How do I use the Argon2 algorithm with password_hash?
问题描述
所以我听说PHP 7.2引入了新的 Argon2算法。但是我对如何在现有代码中使用它感到困惑。例如,我有这个
So I heard that PHP 7.2 introduced the new Argon2 algorithm. But I'm confused on how I can use it with my existing code. For instance, I have this
$password = password_hash('somepassword', PASSWORD_DEFAULT, ['cost' => 12]);
PASSWORD_DEFAULT 现在是否使用Argon2?我需要使用 password_verify 进行更改吗? bcrypt现在被认为不安全吗?
Does PASSWORD_DEFAULT now use Argon2? What, if anything, do I need to change with password_verify? Is bcrypt considered insecure now?
推荐答案
什么是Argon2? bcrypt现在不好吗?
在PHP 7.2之前,唯一使用的哈希算法 password_hash 是bcrypt。在撰写本文时,bcrypt仍被认为是强大的哈希,尤其是与其前身 md5 和 sha1 (两者相比)其中因为它们很快就不安全)。 Argon2是简单地是一种成本更高的蛮力算法
What is Argon2? Is bcrypt bad now?
Prior to PHP 7.2, the only hashing algorithm password_hash used was bcrypt. As of this writing, bcrypt is still considered a strong hash, especially compared to its predecessors, md5 and sha1 (both of which are insecure because they are fast). Argon2 is simply a costlier algorithm to brute force
Argon2i使用与数据无关的内存访问。它之所以速度较慢,是因为它使更多的内存通过以防止权衡攻击。强烈建议您使用密码哈希和基于密码的密钥派生。
Argon2i uses data-independent memory access. It is slower because it makes more passes over the memory to protect from trade off attacks. It is highly recommended for password hashing and password-based key derivation.
Bcrypt仍然是可接受的密码哈希。从7.2.0版开始,不需要的话就不需要切换。另外, PASSWORD_DEFAULT 应该仅应更改(每个 PHP内部策略)。如果要确保仅继续使用bcrypt,可以改用 PASSWORD_BCRYPT 。但是,这是不必要的,我们将在下面讨论。
Bcrypt is still an acceptable hash for passwords. There's no need to switch if you don't want to (as of the 7.2.0 release). Also, PASSWORD_DEFAULT should only change (per PHP Internals policy) on the next full release (7.3.0 or higher). If you want to ensure you continue with only bcrypt, you can use PASSWORD_BCRYPT instead. This is unnecessary, however, as we'll discuss below.
首先,我们将 password_hash 的第二个参数切换为常量
First, we'll switch the second argument of password_hash over to one of these to constants
-
PASSWORD_ARGON2I-PHP 7.2.0 + -
PASSWORD_ARGON2ID-PHP 7.3 .0+(首选,如果有的话,请参见下面的注释)
PASSWORD_ARGON2I- PHP 7.2.0+PASSWORD_ARGON2ID- PHP 7.3.0+ (preferred if available, see notes below)
,然后我们需要更改选项。 bcrypt使用 cost 作为参数来遍历密码多少次(更高的成本=更长的哈希时间)。但是有不同的成本因素
and then we'll need to change our options. bcrypt uses cost as the parameter for how many times it iterates over the password (higher cost = longer hashing time). There's different cost factors, however
password_hash('somepassword', PASSWORD_ARGON2I, ['memory_cost' => 2048, 'time_cost' => 4, 'threads' => 3]);
从手册中我们将看到这些选项的作用
From the manual we see what these options do
-
memory_cost-可用于计算Argon2哈希的最大内存(以字节为单位)(默认为1024) -
time_cost-计算Argon2哈希值所需的最大时间(默认为2) -
threads-用于计算Argon2哈希的线程数(默认为2)
memory_cost- Maximum memory (in bytes) that may be used to compute the Argon2 hash (default 1024)time_cost- Maximum amount of time it may take to compute the Argon2 hash (default 2)threads- Number of threads to use for computing the Argon2 hash (default 2)
了解,在您进行更改之前这些,因此较高的费用会降低脚本的运行速度。您需要在服务器上进行测试,以找到最适合您的设置。这通常是通过遍历给定成本的几次迭代来完成的。如果需要, PHP手册提供了一个示例
Understand, before you go changing these, that a higher cost here will slow down your script. You'll want to run a test on your server to find a setting that works best for you. This is typically by looping over several iterations of a given cost. The PHP manual gives an example of this if you need one.
还要注意,虽然bcrypt存储60个字符,但Argon2可能需要更多字符。理想情况下,您应该使密码字段存储255个字符。
Also note that, while bcrypt stores 60 characters, Argon2 can require more than that. You should, ideally, make your password field store 255 characters.
这里的答案是……什么都没有。理解 password_verify 足够聪明,可以找出所使用的算法并进行适当的处理。如上所述,这意味着,如果您使用的是 PASSWORD_DEFAULT ,则默认值可能会发生变化,并且不会对您造成负面影响(尽管您可能需要调整成本参数)。 password_verify 仅需要它支持的算法。如果您从bcrypt切换到Argon2,两者都会以相同的方式进行验证,因为所有必需的数据(盐,哈希和成本)都将为您存储。
The answer here is... nothing. Understand that password_verify is smart enough to figure out what algorithm was used and handle it appropriately. As mentioned above, this means that if you are using PASSWORD_DEFAULT, the default can change and not negatively affect you (although you may need to adjust the cost parameters). password_verify simply requires an algorithm it supports. If you switch from bcrypt to Argon2, both will verify the same way, as all the necessary data (salt, hash and cost) are stored for you.
//Works for both bcrypt and Argon2
if(password_verify($user_password, $stored_hash)) {
// password validated
}
如果要从bcrypt升级哈希,则可以在用户成功登录后执行此操作(从而向您提供了un哈希密码)。只需检查您的哈希是否以 $ 2y $ (bcrypt标记)开头。如果是这样,请将提供的密码再次传递给 password_hash ,但要使用Argon2参数,然后将其保存到登录用户的密码字段中。
If you want to upgrade the hashes from bcrypt, you can do this when a user successfully logs in (and thus supplied you with the un-hashed password). Simply check if your hash starts with $2y$ (the bcrypt marker). If it does, pass the supplied password to password_hash again, but with the Argon2 arguments, and save it to the password field of the logged-in user.
1-pass Argon2id的最佳折衷攻击是低存储攻击(针对内存的前半部分)和排名攻击(针对后半部分)相结合,这两者的综合系数约为2.1。
The best tradeoff attack on 1-pass Argon2id is the combined low-storage attack (for the first half of the memory) and the ranking attack (for the second half), which bring together the factor of about 2.1.
Argon2ID与Argon2I使用相同的参数。
Argon2ID works with the same arguments that Argon2I works with.
这篇关于如何将Argon2算法与password_hash一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
