许多哈希迭代：每次附加salt？ [英] Many hash iterations: append salt every time?

问题描述

我已经使用unsalted md5 / sha1很长一段时间，但因为这种方法不是真的安全（随着时间的推移越来越不安全）我决定切换到salted sha512。此外，我想通过使用许多迭代（例如100）减慢哈希的生成。

我的问题是，我应该在每次迭代附加盐，开始。以下是两种可能的代码：

  >  // some nice big salt 
 $ salt = hash（$ algorithm，$ salt）; 
 
 // apply $ algorithm $ run times for slowdown 
 while（$ runs-）{
 $ string = hash（$ algorithm，$ string。$ salt，$ raw ）; 
} 
 
 return $ string; 
  

追加一次：

  //添加一些漂亮的大盐
 $ string。= hash（$ algorithm，$ salt）; 
 
 // apply $ algorithm $ run times for slowdown 
 while（$ runs--）{
 $ string = hash（$ algorithm，$ string，$ raw）; 
} 
 
 return $ string; 
  

我首先想使用第二个版本（追加一次），但后来发现一些脚本时间。

所以，我想知道每次添加它是否都会增加一些强度。例如，攻击者可能会发现一些聪明的方法来创建一个100倍的Sha512函数，比简单的执行sha512 100倍更快？

解决方案

总之：是的。去第一个例子...哈希函数可以丢失熵如果反馈到自己没有添加原始数据（我现在不能找到一个参考，我会继续寻找）。

为了记录，我支持散列多次。

生成500毫秒的哈希不会对你的服务器太慢（考虑到生成哈希通常不是绝大多数请求）。但是，需要这么长时间的散列会显着增加生成彩虹表所需的时间...

是的，它暴露了DOS漏洞，但它也防止暴力攻击（或至少使它们禁止缓慢）。绝对有一个权衡，但对某些益处超过风险...

对整个过程的参考（更像一个概述）：加强键

至于退化的碰撞，来源我可以找到到目前为止这个讨论 ...

还有一些关于这个话题的讨论：

1. HEKS提案


2. SecurityFocus blog on hashing


3. 关于Oracle密码冲突算法的论文

更多链接：

1. Wiki上的PBKDF2


2. PBKDF2标准


3. 适用的电子邮件主题


4. 刚刚哈希离开了足够的博客

有很多结果。如果你想要更多，Google 哈希扩展 ...有很多好的信息在那里...

I have used unsalted md5/sha1 for long time, but as this method isn't really secure (and is getting even less secure as time goes by) I decided to switch to a salted sha512. Furthermore I want to slow the generation of the hash down by using many iterations (e.g. 100).

My question is whether I should append the salt on every iteration or only once at the beginning. Here are the two possible codes:

Append every time:

// some nice big salt
$salt = hash($algorithm, $salt);

// apply $algorithm $runs times for slowdown
while ($runs--) {
    $string = hash($algorithm, $string . $salt, $raw);
}

return $string;

Append once:

// add some nice big salt
$string .= hash($algorithm, $salt);

// apply $algorithm $runs times for slowdown
while ($runs--) {
    $string = hash($algorithm, $string, $raw);
}

return $string;

I first wanted to use the second version (append once) but then found some scripts appending the salt every time.

So, I wonder whether adding it every time adds some strength to the hash. For example, would it be possible that an attacker found some clever way to create a 100timesSha512 function which were way faster than simply executing sha512 100 times?

解决方案

In short: Yes. Go with the first example... The hash function can lose entropy if feed back to itself without adding the original data (I can't seem to find a reference now, I'll keep looking).

And for the record, I am in support of hashing multiple times.

A hash that takes 500 ms to generate is not too slow for your server (considering that generating hashes are typically not done the vast majority of requests). However a hash that takes that long will significantly increase the time it will take to generate a rainbow table...

Yes, it does expose a DOS vulnerability, but it also prevents brute force attacks (or at least makes them prohibitively slow). There is absolutely a tradeoff, but to some the benefits exceed the risks...

A reference (more like an overview) to the entire process: Key Strengthening

As for the degenerating collisions, the only source I could find so far is this discussion...

And some more discussion on the topic:

1. HEKS Proposal
2. SecurityFocus blog on hashing
3. A paper on Oracle's Password Hashing Algorithms

And a few more links:

1. PBKDF2 on WikiPedia
2. PBKDF2 Standard
3. A email thread that's applicable
4. Just Hashing Is Far From Enough Blog Post

There are tons of results. If you want more, Google hash stretching... There's tons of good information out there...

这篇关于许多哈希迭代：每次附加salt？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！