What hashing algorithm should I use for storing passwords?


Question

I'm not really up to date with the most recent developments regarding hashing algorithms strengths; what is currently my best bet for storing passwords?

Also, how much more security do salting and key stretching offer me?

Recommended answer

  • MD5 has been broken.
  • SHA-1 has significant weaknesses.
  • SHA-2 is considered adequate at the moment.
  • SHA-3 will shortly become a FIPS standard.
  • Best practice is to combine password hashing with random salting and key stretching, e.g. PBKDF2.
  • A good discussion on password salting, hashing, and stretching.
  • My implementation of password salting, hashing, and stretching in C#.
As for the extra security provided by hashing, that depends on how many hash iterations you use. As an example, say that you decide to use 2^14 hash iterations. This increases the password's entropy by 14 bits. According to Moore's Law, each extra bit of entropy provided by the hash means approximately 18 extra months to crack the password in the same time as today. So it will be 21 years (14 x 18 months) before the iterated hash can be cracked in the same time as the raw password can be cracked today.

The extra security provided by salting is twofold: it prevents the effective use of a rainbow table, and it makes it more time-consuming to crack a large list of passwords (but not a single password).
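
The salt-plus-PBKDF2 practice the answer recommends, as an added example in Python (this is not the answerer's C# implementation and not code from the original page). It stores the salt and iteration count next to the derived key so verification can recompute them, compares in constant time, and shows why two users with the same password end up with unrelated records. The PRF (HMAC-SHA-256), the 16-byte salt, the 32-byte output length and the `$`-separated record layout are my own choices; only the 2^14 iteration count is taken from the answer's worked figure.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Parameters for this example (my assumptions, except the 2**14 iteration
# count, which matches the figure used in the answer's Moore's-law estimate):
# HMAC-SHA-256 as the PBKDF2 PRF, a 16-byte random salt, a 32-byte derived key.
HASH_NAME = "sha256"
ITERATIONS = 2 ** 14
SALT_BYTES = 16
DKLEN = 32


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salt and stretch a password with PBKDF2 and return a self-describing
    record 'pbkdf2-<prf>$<iterations>$<salt b64>$<key b64>' (a layout I chose
    for this example) so the parameters can be raised later without breaking
    verification of records written with the old ones."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                             salt, iterations, dklen=DKLEN)
    return "$".join([
        "pbkdf2-" + HASH_NAME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the parameters stored in the record and compare
    in constant time; any malformed record (wrong field count, unknown PRF,
    bad base64, non-numeric iteration count) verifies as False."""
    try:
        algo, iters, salt_b64, dk_b64 = record.split("$")
        if not algo.startswith("pbkdf2-"):
            return False
        prf = algo[len("pbkdf2-"):]
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"),
                                        salt, int(iters), dklen=len(expected))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def unsalted_hash(password: str) -> str:
    """Single unsalted SHA-256, included only as the contrast case: identical
    passwords produce identical hashes, so one precomputed table serves for
    every user in a leaked list."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_records_differ(password: str) -> bool:
    """With per-password random salts, two users sharing a password get
    unrelated records: a table precomputed for one salt is useless for the
    other, and an attacker must redo the stretched work for each record."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Tr0ub4dor&3", record))                   # False
    print(salted_records_differ("hunter2"))                          # True
```

Embedding the iteration count in the record is what makes the stretching factor tunable over time: raise `ITERATIONS` when hardware gets faster, old records keep verifying with the count they carry, and each account can be re-hashed on its next successful login.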
