许多哈希迭代:每次附加salt? [英] Many hash iterations: append salt every time?
问题描述
我已经使用unsalted md5 / sha1很长一段时间,但因为这种方法不是真的安全(随着时间的推移越来越不安全)我决定切换到salted sha512。此外,我想通过使用许多迭代(例如100)减慢哈希的生成。
我的问题是,我应该在每次迭代附加盐,开始。以下是两种可能的代码:
> // some nice big salt
$ salt = hash($ algorithm,$ salt);
// apply $ algorithm $ run times for slowdown
while($ runs-){
$ string = hash($ algorithm,$ string。$ salt,$ raw );
}
return $ string;
追加一次:
//添加一些漂亮的大盐
$ string。= hash($ algorithm,$ salt);
// apply $ algorithm $ run times for slowdown
while($ runs--){
$ string = hash($ algorithm,$ string,$ raw);
}
return $ string;
我首先想使用第二个版本(追加一次),但后来发现一些脚本时间。
所以,我想知道每次添加它是否都会增加一些强度。例如,攻击者可能会发现一些聪明的方法来创建一个100倍的Sha512函数,比简单的执行sha512 100倍更快?
总之:是的。去第一个例子...哈希函数可以丢失熵如果反馈到自己没有添加原始数据(我现在不能找到一个参考,我会继续寻找)。
为了记录,我支持散列多次。
生成500毫秒的哈希不会对你的服务器太慢(考虑到生成哈希通常不是绝大多数请求)。但是,需要这么长时间的散列会显着增加生成彩虹表所需的时间...
是的,它暴露了DOS漏洞,但它也防止暴力攻击(或至少使它们禁止缓慢)。绝对有一个权衡,但对某些益处超过风险...
对整个过程的参考(更像一个概述):加强键
至于退化的碰撞,来源我可以找到到目前为止这个讨论 ...
还有一些关于这个话题的讨论:
更多链接:
有很多结果。如果你想要更多,Google 哈希扩展
...有很多好的信息在那里...
I have used unsalted md5/sha1 for long time, but as this method isn't really secure (and is getting even less secure as time goes by) I decided to switch to a salted sha512. Furthermore I want to slow the generation of the hash down by using many iterations (e.g. 100).
My question is whether I should append the salt on every iteration or only once at the beginning. Here are the two possible codes:
Append every time:
// some nice big salt
$salt = hash($algorithm, $salt);
// apply $algorithm $runs times for slowdown
while ($runs--) {
$string = hash($algorithm, $string . $salt, $raw);
}
return $string;
Append once:
// add some nice big salt
$string .= hash($algorithm, $salt);
// apply $algorithm $runs times for slowdown
while ($runs--) {
$string = hash($algorithm, $string, $raw);
}
return $string;
I first wanted to use the second version (append once) but then found some scripts appending the salt every time.
So, I wonder whether adding it every time adds some strength to the hash. For example, would it be possible that an attacker found some clever way to create a 100timesSha512 function which were way faster than simply executing sha512 100 times?
In short: Yes. Go with the first example... The hash function can lose entropy if feed back to itself without adding the original data (I can't seem to find a reference now, I'll keep looking).
And for the record, I am in support of hashing multiple times.
A hash that takes 500 ms to generate is not too slow for your server (considering that generating hashes are typically not done the vast majority of requests). However a hash that takes that long will significantly increase the time it will take to generate a rainbow table...
Yes, it does expose a DOS vulnerability, but it also prevents brute force attacks (or at least makes them prohibitively slow). There is absolutely a tradeoff, but to some the benefits exceed the risks...
A reference (more like an overview) to the entire process: Key Strengthening
As for the degenerating collisions, the only source I could find so far is this discussion...
And some more discussion on the topic:
And a few more links:
- PBKDF2 on WikiPedia
- PBKDF2 Standard
- A email thread that's applicable
- Just Hashing Is Far From Enough Blog Post
There are tons of results. If you want more, Google hash stretching
... There's tons of good information out there...
这篇关于许多哈希迭代:每次附加salt?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!