要求输入单个字母的密码系统——它们存储什么? [英] Password systems which ask for individual letters - what do they store?
问题描述
某些(尤其是银行)密码系统要求您从密码中输入三个(指定)字母才能登录.这应该可以击败键盘记录器,并且可能会破坏线路嗅探重放攻击(对于未加密的会话).
Some (especially bank) password systems require you to enter three (specified) letters out of your password to log in. This is supposed to defeat keyloggers, and possibly wire-sniffing replay attacks (for unencrypted sessions).
显然,这种方案无法使用普通的密码散列来工作,因为您需要知道整个密码才能计算散列.
Clearly, there's no way such a scheme can work using ordinary password hashing, since you'd need to know the whole password to compute the hash.
这样的系统通常在服务器端存储什么来完成这项工作?
What do such systems commonly store server-side to make this work?
他们是否以明文形式存储密码,或者每个字母的单独哈希值,还是什么?
Do they store the password in plaintext, or maybe a separate hash of each letter, or what?
推荐答案
正如您正确指出的那样,如果仅使用密码的子字符串完成身份验证,标准密码哈希方案将不起作用.有多种方法可以实现这样的系统:
As you correctly note, standard password hashing schemes won't work if authentication is done using only a substring of the password. There are a number of ways that such a system could be implemented:
明文存储密码:
- 简单且易于实施.
- 如果数据库遭到入侵,则不安全.
- 可能不符合要求存储散列或加密密码存储的规定(但使用低级数据库加密可能会解决此问题).
存储密码加密,解密查看:
- 如果加密密钥也被泄露,没有比以明文形式存储更安全的了.
- 可能满足禁止以明文形式存储密码的规定.
- 可以通过使用专用的硬件安全模块或单独的身份验证服务器来提高安全性,它将存储密钥并提供用于加密和子字符串验证的黑盒接口.
- No more secure than storing it in plain if the encryption key is also compromised.
- May satisfy regulations forbidding password storage in plain.
- Could be made more secure by using a dedicated hardware security module or a separate authentication server, which would store the key and provide a black-box interface for encryption and substring verification.
存储所有(或足够多)可能的子字符串的哈希值:
- 需要比其他解决方案更多的存储空间.
- 如果数据库遭到破坏,密码仍然可以相当容易地通过蛮力恢复,因为每个子字符串都可以单独受到攻击.
Use k-out-of-n threshold secret sharing:
- 与存储多个哈希值相比,需要更少的空间,但比以明文形式存储密码或使用可逆加密要多.
- 子串验证无需解密密码.
- 如果数据库遭到破坏,仍然容易受到暴力攻击:任何能够猜出密码的 k 个字母的人都可以恢复其余的.(事实上,在某些实现中,k-1 个字母可能就足够了.)
- Needs less space than storing multiple hashes, but more than storing the password in plain or using reversible encryption.
- No need to decrypt the password for substring verification.
- Still susceptible to brute force attack if database is compromised: anyone who can guess k letters of the password can recover the rest. (In fact, with some implementations, k-1 letters might be enough.)
最终,如果数据库受到破坏,所有这些方案都会遭受暴力攻击的弱点.其根本原因是,在一个典型密码(或者,实际上,甚至是一个特别强的密码)的三字母子串中没有太多的熵,所以不需要很多猜测就可以破解.
Ultimately, all of these schemes suffer from weakness against brute force attacks if the database is compromised. The fundamental reason for this is that there just isn't very much entropy in a three-letter substring of a typical password (or, indeed, of even a particularly strong one), so it won't take many guesses to crack.
以下哪个最好?这很难说.如果我不得不选择其中一种方案,我可能会选择使用强对称加密(例如 AES)的加密存储,并使用单独的服务器或 HSM 来处理加密和验证.这样,至少,破坏前端服务器的攻击者将无法仅复制数据库并离线攻击它(尽管如果 HSM 没有实施有效的速率限制,他们仍然可以对 HSM 发起暴力攻击).
Which of these is best? That's hard to say. If I had to choose one of these schemes, I'd probably go for encrypted storage using strong symmetric encryption (such as AES), with a separate server or HSM to handle encryption and verification. That way, at least, an attacker compromising a front-end server wouldn't be able to just copy the database and attack it offline (although they could still mount a brute force attack on the HSM if it didn't implement effective rate limiting).
但是,我想说仅使用部分密码进行身份验证的整个想法存在严重缺陷:它并没有真正提供应有的安全优势,除非在一些特别受限的攻击场景中(例如一个只能观察一个身份验证事件的窃听者,并且不能一直尝试直到他们得到相同的挑战),但它通过减少成功身份验证所需的信息量从根本上削弱了安全性.对于部分密码身份验证应该解决的安全问题,有更好的解决方案,例如 TANs地址.
However, I'd say that the whole idea of using only part of the password for authentication is deeply flawed: it doesn't really deliver the security benefits it's supposed to, except in a few particularly constrained attack scenarios (such as an eavesdropper that can only observe one authentication event, and cannot just keep trying until they get the same challenge), yet it fundamentally weakens security by reducing the amount of information needed for successful authentication. There are much better solutions, such as TANs, to the security concerns that partial password authentication is supposed to address.
这篇关于要求输入单个字母的密码系统——它们存储什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
