我应该使用表中的口令字段; MD5或SHA-1？ [英] What should I use for password fields in a table; MD5 or SHA1?

问题描述

我绝不是一个安全专家，甚至新手。我是一个新手在安全性最好的。

I am by no means a security expert or even a novice. I'm a newbie at security at best.

有人建议我用SHA1代替MD5 - 为什么我会选择一个比其他？一个更安全？

Someone suggested I use SHA1 instead of MD5 - why would I choose one over the other? Is one more secure?

推荐答案

我会用SHA2（256）在最小的 - 但是：

I would use SHA2(256) at the minimum - however:

有一个在简单散列在数据库中的密码由于彩虹表的攻击很少或没有点。同样，盐腌哈希是更好的，但如果有人访问你的数据库，然后有机会，他们有机会获得您的code在这种情况下，他们或许可以拆卸固定的盐。同样的，如果你使用一个随机的盐，那么你将它存储了行内无论如何，所以虽然它减缓人们失望，他们仍然可以通过彩虹表攻击。

There is little or no point in simply hashing a password in a database due to rainbow table attacks. Equally, salted hashing is better, but if someone has access to your database, then the chances are that they have access to your code in which case they can probably disassemble a fixed salt. Equally, if you use a random salt, then you're storing it inside the row anyway, so while it slows people down they can still attack it with a rainbow table.

一个更好的解决方案是使用密码伸展它使用一个随机的盐，以及一个随机的（高）号迭代使试图对每个密码蛮力攻击需要较长显著，因此使身体难以破解所有的密码。

A better solution is to use Password Stretching which uses a random salt as well as a random (high) number of iterations so that attempting a brute-force attack against each password takes significantly longer and therefore makes it physically harder to crack all the passwords.

我相信，在.net中，此可通过PBKDF可以实现 - 但我已经遗失一个链接（有人提供给我一个答案的一个问题，我问前一阵子）。 修改 - 找到的链接，净：<一href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx">Rfc2898DeriveBytes类。

I believe in .Net this can be achieved using PBKDF - but I've mislaid a link to it (somebody supplied it to me an answer to a question I asked a while ago). EDIT-Found the link for .Net: Rfc2898DeriveBytes Class.

在MD5

虽然MD5确实被证明是破所提到的其他的答案，主要的原因，我不会用它 - 为什么我读过，这是不可取的使用它 - 是因为它实际上非常快，从而增加给定的时间周期内的裂纹的可能性。

Whilst MD5 has indeed been shown to be 'broken' as mentioned by the other answers, the main reason why I wouldn't use it - and why I've read that it's inadvisable to use it - is because it's actually very fast, thereby increasing the possibility of a crack within a given period of time.

这篇关于我应该使用表中的口令字段; MD5或SHA-1？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！