散列和腌制密码来保护对字典攻击？ [英] Are hashed and salted passwords secure against dictionary attacks?

查看：246 发布时间：2016/7/25 9:40:16 security authentication hash salt

本文介绍了散列和腌制密码来保护对字典攻击？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

据我了解，盐使相同的密码哈希值不同。然而，盐通常存储在与口令数据库。所以我们可以说我是攻击者，这里是如何我可能会使用（在这个例子中注意到我不写了128位的哈希值或盐为简洁起见）对盐字典攻击：

I understand that salts make the same password hash to different values. However, salts are usually stored in the database with the password. So let's say I am attacker, here is how I might use a dictionary attack against a salt (note in this example i don't write out 128 bit hashes or salts for the sake of brevity):

user_pw = 'blowfish'

Given:
email = 'blah@blah.com'
hash = '1234567890'
salt = '0987654321'

function attack(){
  for each(word in dictionary)
    md5( word * salt ) == hash ? cracked_one(email, word)
}

据我所知利用彩虹表这个prevents黑客......但似乎没有prevent字典攻击。我想你可以添加别的东西来的哈希算法，但与安全，我们必须假设攻击的方法是已知的。

I understand this prevents hackers from using rainbow tables...but doesn't seem to prevent dictionary attacks. I guess you could add something else to the hash algorithm, but with security we must assume that the method of attack is known.

如此看来，从搞清楚腌制prevents黑客其中的密码很可能是词典的密码（即多个用户拥有的）和prevents彩虹攻击...但是没有prevent字典攻击

So it seems that salting prevents hackers from figuring out which passwords are likely to be dictionary passwords (ones that multiple users have) and prevents rainbow attacks...but does not prevent dictionary attacks.

这是一个正确的分析？为更好的安全性有什么建议？

Is this a correct analysis? Any suggestions for better security?

谢谢！

散列和腌制密码来保护对字典攻击？ [英] Are hashed and salted passwords secure against dictionary attacks?

问题描述

推荐答案

相关文章

ASP .NET最新文章

热门教程

热门工具

登录关闭

散列和腌制密码来保护对字典攻击？ [英] Are hashed and salted passwords secure against dictionary attacks?

问题描述

推荐答案

相关文章

ASP .NET最新文章

热门教程

热门工具

登录 关闭

登录关闭