如何正确存储密码*？ [英] How to store passwords *correctly*?

问题描述

我在SO提供的链接中发现了文章 其他文章，其中提供了 even 更多 文章等。

An article that I stumbled upon here in SO provided links to other articles which in turn provided links to even more articles etc.

最后，我完全被骗了 - 那么什么是最好的方式来存储密码在DB中？从我可以放在一起你应该：

And in the end I was left completely stumped - so what is the best way to store passwords in the DB? From what I can put together you should:

• 使用一个长的（至少128个完全随机位）salt，存储在纯文本next

但是...我读了更多关于密码学的知识，我更了解我并不真正理解任何东西，而我认为多年来的事情实际上是错误的。

But... the more I read about cryptography the more I understand that I don't really understand anything, and that things I had thought to be true for years are actually are flat out wrong. Are there any experts on the subject here?

已添加：似乎有些人缺少这一点。我重复上面给出的最后一个链接。这应该澄清我的关注。

Added: Seems that some people are missing the point. I repeat the last link given above. That should clarify my concerns.

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2007/july/enough-with-the-rainbow-tables-what-you

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2007/july/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

推荐答案

您得到了对的。只有两个建议：

You got it right. Only two suggestions:

1. 如果有一天SHA1变得太弱并且你想使用别的东西，旧密码并用新方案重新加密。出于这个原因，我建议附加到每个密码一个版本号，告诉你你使用的方案（盐长度，哪个哈希，多少次）。如果有一天你需要从SHA切换到更强的，你可以创建新式密码，同时仍旧在数据库中有旧式密码，并仍然告诉他们。将用户迁移到新方案会更容易。

1. If one day SHA1 becomes too weak and you want to use something else, it is impossible to unhash the old passwords and rehash them with the new scheme. For this reason, I suggest that attached to each password a "version" number that tells you what scheme you used (salt length, which hash, how many times). If one day you need to switch from SHA to something stronger, you can create new-style passwords while still having old-style passwords in the database and still tell them apart. Migrating users to the new scheme will be easier.

密码仍然从用户到未加密的系统。如果这是一个问题，请查看 SRP 。

Passwords still go from user to system without encryption. Look at SRP if that's a problem. SRP is so new that you should be a little paranoid about implementing it, but so far it looks promising.

编辑：生成bcrypt打败我的想法数字1.存储的信息是（成本，盐，哈希），其中成本是多少次哈希已经完成。看起来bcrypt做了正确的事。增加散列次数，无需用户干预即可完成。

Turns out bcrypt beat me to it on idea number 1. The stored info is (cost, salt, hash), where cost is how many times the hashing has been done. Looks like bcrypt did something right. Increasing the number of times that you hash can be done without user intervention.

这篇关于如何正确存储密码*？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！