BCrypt 是一种在 C# 中使用的好的散列算法吗?我在哪里可以找到它? [英] Is BCrypt a good hashing algorithm to use in C#? Where can I find it?

问题描述

我读到在对密码进行哈希处理时，许多程序员建议使用 BCrypt 算法.

I have read that when hashing a password, many programmers recommend using the BCrypt algorithm.

我正在用 C# 编程，想知道是否有人知道 BCrypt 的良好实现?我发现 这个页面，但我真的不知道它是否是伪造的.

I am programming in C# and is wondering if anyone knows of a good implementation for BCrypt? I found this page, but I don't really know if it is bogus or not.

选择密码散列方案时应该注意什么?BCrypt 是一个好的"实现吗?

What should I be aware of when choosing a password hashing scheme? Is BCrypt a 'good' implementation?

推荐答案

首先，一些重要的术语:

First, some terms that are important:

哈希 - 取一个字符串并产生一个无法还原为原始字符串的字符序列.

Hashing - The act of taking a string and producing a sequence of characters that cannot be reverted to the original string.

对称加密 -(通常简称为'encryption') - 获取一个字符串并生成一系列字符的行为，可以通过使用相同的加密密钥将其解密为原始字符串.

Symmetric Encryption - (Usually just referred to as 'encryption') - The act of taking a string and producing a sequence of characters that can be decrypted to the original string through the use of the same encryption key that encrypted it.

Rainbow Table - 包含所有变体的查找表以特定散列算法散列的字符.

Rainbow Table - a lookup table that contains all variations of characters hashed in a specific hashing algorithm.

Salt - 附加的已知随机字符串到散列之前的原始字符串.

Salt - a known random string appended to the original string before it is hashed.

对于 .NET Framework，Bcrypt 还没有验证参考实现.这很重要，因为无法知道现有实现中是否存在严重缺陷.您可以在此处获得 BCrypt for .NET 的实现.我对密码学知之甚少，无法判断它的实现是好是坏.密码学是一个很深的领域.不要尝试构建自己的加密算法.严重地.

For the .NET Framework, Bcrypt does not yet have a verified reference implementation. This is important because there's no way to know if there are serious flaws in an existing implementation. You can get an implementation of BCrypt for .NET here. I don't know enough about cryptography to say whether it's a good or bad implementation. Cryptography is a very deep field. Do not attempt to build your own encryption algorithm. Seriously.

如果你要实现自己的密码安全(叹气)，那么你需要做几件事:

If you are going to implement your own password security (sigh), then you need to do several things:

1. 使用相对安全的哈希算法.
2. 在对每个密码进行哈希处理之前对其进行加盐处理.
3. 为每个密码使用唯一的长盐，并将盐与密码.
4. 需要强密码.

1. Use a relatively secure hash algorithm.
2. Salt each password before it's hashed.
3. Use a unique and long salt for each password, and store the salt with the password.
4. Require strong passwords.

不幸的是，即使你做了这一切，一个坚定的黑客仍然有可能找出密码，只是需要他很长时间.这是您的主要敌人:时间.

Unfortunately, even if you do all this, a determined hacker still could potentially figure out the passwords, it would just take him a really long time. That's your chief enemy: Time.

bcrypt 算法有效，因为它需要五个散列密码的时间比 MD5 长几个数量级；(并且仍然比 AES 或 SHA-512 长得多).它迫使黑客花费更多时间来创建彩虹表来查找您的密码，从而大大降低您的密码被黑客入侵的可能性.

The bcrypt algorithm works because it takes five orders of magnitude longer to hash a password than MD5; (and still much longer than AES or SHA-512). It forces the hacker to spend a lot more time to create a rainbow table to lookup your passwords, making it far less likely that your passwords will be in jeopardy of being hacked.

如果您对密码进行加盐和散列处理，并且每种加盐都不相同，那么潜在的黑客将不得不为盐的每个变体创建一个彩虹表，只是为一个加盐+散列的密码创建一个彩虹表.这意味着如果您有 100 万用户，黑客必须生成 100 万张彩虹表.如果您为每个用户使用相同的盐，那么黑客只需生成 1 个彩虹表即可成功入侵您的系统.

If you're salting and hashing your passwords, and each salt is different, then a potential hacker would have to create a rainbow table for each variation of salt, just to have a rainbow table for one salted+hashed password. That means if you have 1 million users, a hacker has to generate 1 million rainbow tables. If you're using the same salt for every user, then the hacker only has to generate 1 rainbow table to successfully hack your system.

如果您没有对密码进行加盐处理，那么攻击者所要做的就是为那里的每个实现(AES、SHA-512、MD5)拉出一个现有的 Rainbow 表，然后查看一个是否与哈希匹配.这个已经完成，攻击者不需要自己计算这些彩虹表.

If you're not salting your passwords, then all an attacker has to do is to pull up an existing Rainbow table for every implementation out there (AES, SHA-512, MD5) and just see if one matches the hash. This has already been done, an attacker does not need to calculate these Rainbow tables themselves.

即使有这一切，您必须使用良好的安全实践.如果他们可以成功使用另一个攻击向量(XSS、SQL 注入、CSRF、等.) 在您的网站上，良好的密码安全性并不重要.这听起来像是一个有争议的说法，但想想看:如果我可以通过 SQL 注入攻击获得你所有的用户信息，或者我可以通过 XSS 让你的用户给我他们的 cookie，那么您的密码安全性有多好并不重要.

Even with all this, you've got to be using good security practices. If they can successfully use another attack vector (XSS, SQL Injection, CSRF, et. al.) on your site, good password security doesn't matter. That sounds like a controversial statement, but think about it: If I can get all your user information through a SQL injection attack, or I can get your users to give me their cookies through XSS, then it doesn't matter how good your password security is.

其他资源:

1. 杰夫阿特伍德:.NET 加密简化(非常适合散列概述)
2. 杰夫阿特伍德:我刚刚以您的身份登录
3. Jeff Atwood:您可能正在存储密码错误
4. 杰夫阿特伍德:速度哈希

1. Jeff Atwood: .NET Encryption Simplified (great for an overview of hashing)
2. Jeff Atwood: I just logged in as you
3. Jeff Atwood: You're probably storing passwords incorrectly
4. Jeff Atwood: Speed Hashing

注意:请推荐其他好的资源.我一定读过几十位作者的十几篇文章，但很少有人像杰夫那样在这个主题上写得这么清楚.请在文章中找到它们进行编辑.

Note: Please recommend other good resources. I've must have read a dozen articles by dozens of authors, but few write as plainly on the subject as Jeff does. Please edit in articles as you find them.

这篇关于BCrypt 是一种在 C# 中使用的好的散列算法吗?我在哪里可以找到它?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！