为什么BCrypt.net GenerateSalt（31）马上返回？ [英] Why does BCrypt.net GenerateSalt(31) return straight away?

问题描述

我碰到BCrypt.net偶然读到存储密码 杰夫·阿特伍德的帖子后，害得我托马斯Ptacek的建议，<一个href=\"http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html\">use BCrypt 来存储密码。这最终导致我<一个href=\"http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-strong-password-hashing-for-dotnet-and-mono.ashx\">this C＃实现BCrypt 的

在上面的人的最后一个环节上的评论问：为什么GenerateSalt（30）采取永远，但GenerateSalt（31），似乎拿不出时间呢？

我跑BCrypt.HashPassword（密码，BCrypt.GenerateSalt（31）），并得到了我的结果在0毫秒。

我已经超过运行5分钟BCrypt.HashPassword（密码，BCrypt.GenerateSalt（30）），现在还没有结果。

我意识到我们可能并不需要一个随机生成的30个字符的盐来创建我们的密码哈希值（或<一个href=\"http://stackoverflow.com/questions/1561174/sha512-vs-blowfish-and-bcrypt#answer-1561245\">irreversible在BCrypt的情况下加密）多年。 修改我应该已经阅读code位，logRounds没有任何与盐长度。感谢Aaronaught。

那么，为什么GenerateSalt（31）返回一个值几乎瞬间（当它应该大约两倍采取只要GenerateSalt（30）？

更新

这里是修复：

 专用字节[] CryptRaw（字节[]密码，字节[]盐，诠释logRounds）{
    // ...略...
    UINT轮= 1U＆LT;＆LT; logRounds;
    // ... SNIP
}
 

解决方案

我怀疑是错误是在这里：

 专用字节[] CryptRaw（字节[]密码，字节[]盐，诠释logRounds）{
    // ...略...
    INT轮= 1＆LT;＆LT; logRounds;
    // ... SNIP
}
 

当您指定31 logRounds ，它计算，截至2 ^ 32，它不适合在 INT 和溢出，因此哈希实际上是在做......呃，零通行证。作者应该用 UINT 来代替。很容易解决！

---

也想对此发表评论：

  

我意识到我们可能并不需要一个随机生成的30个字符盐来创建我们的密码哈希...

请注意，该 logRounds 参数并不是指字符数/中的盐，这始终是16。它是指数的对数基字节通过散列将采取计算;换句话说，它是一种方法，使摩尔定律bcrypt规模，使得功能幅度来计算，如果电脑曾经得到足够快，以破解哈希现有的更加昂贵几个数量级。

I stumbled across BCrypt.net after reading Jeff Atwood's post about storing passwords which led me to Thomas Ptacek's recommendation to use BCrypt to store passwords. Which finally led me to this C# implementation of BCrypt

In the comments on the last link above someone asked "Why do GenerateSalt(30) take for ever, but GenerateSalt(31) seems to take no time at all?"

I ran BCrypt.HashPassword(password, BCrypt.GenerateSalt(31)) and got my result in 0 milliseconds.

I've been running BCrypt.HashPassword("password", BCrypt.GenerateSalt(30)) for over 5 minutes now and still do not have a result.

I realize we'll probably not need a randomly generated 30 character salt to create our password hashes (or irreversible encryption in BCrypt's case) for years. EDIT I should have read the code a bit, logRounds doesn't have anything to do with the salt length. Thanks Aaronaught.

So, why does GenerateSalt(31) return a value almost instantly (when it should take about twice as long as GenerateSalt(30)?

UPDATE

here is the fix:

private byte[] CryptRaw(byte[] password, byte[] salt, int logRounds) {
    // ... snip ...
    uint rounds = 1U << logRounds;
    // ... snip
}

解决方案

I suspect that the bug is here:

private byte[] CryptRaw(byte[] password, byte[] salt, int logRounds) {
    // ... snip ...
    int rounds = 1 << logRounds;
    // ... snip
}

When you specify 31 for the logRounds, it computes that as 2^32, which can't fit in an int and overflows, so the hash is actually done in... er, zero passes. The author should have used uint instead. Easy to fix!

---

Also wanted to comment on this:

I realize we'll probably not need a randomly generated 30 characters salt to create our password hashes...

Note that the logRounds parameter does not refer to the number of characters/bytes in the salt, which is always 16. It refers to the logarithmic base of the number of passes that the hash will take to compute; in other words it's a way to make bcrypt scale with Moore's Law, making the function several orders of magnitude more expensive to compute if computers ever get fast enough to crack existing hashes.

这篇关于为什么BCrypt.net GenerateSalt（31）马上返回？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！