How is bcrypt more future proof than increasing the number of SHA iterations?


Question


I've been researching bcrypt hashing, and of course one of the large benefits of the scheme is its "adaptiveness". However, how is it any more adaptive than simply increasing the amount of iterations you make over a SHA-1 hash? Say, instead of SHA-1 hashing a value 1000 times, you increase it to 10,000 iterations. Isn't this achieving the same goal? What makes bcrypt more adaptive?

Recommended answer


Making many iterations with a hash function has a few subtleties, because there must be some kind of "salting" involved, and because existing hash functions are not as "random" as what could be hoped for; so care must be taken, in which case you end up with PBKDF2. PBKDF2 was designed for key derivation, which is not exactly the same as password hashing, but it turned out to be quite good at it too.


bcrypt has a (slight) advantage over PBKDF2-with-SHA-1 in that bcrypt is derived from the Blowfish block cipher. The point of having many iterations is to make the password processing slow, and, in particular, slow for the attacker. We tolerate that the function is made slow for the normal, honest systems, because it thwarts extensive password guessing. But an attacker may use hardware which the normal system does not use, e.g. a programmable GPU, which gives quite a boost to computations which fit well on that kind of hardware. Blowfish and bcrypt use RAM-based lookup tables (tables which are modified during the processing); such tables are easy to handle for a general purpose CPU, but quite cumbersome on a GPU; thus, bcrypt somewhat hinders processing enhancement by the attacker with GPU. That's a bonus which makes bcrypt a bit more desirable for a password storage than PBKDF2.
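The following is an added example, not part of the original answer: it shows how salted PBKDF2-with-SHA-1 is made adaptive in the same way as bcrypt, by storing the iteration count with each hash and re-hashing at the next successful login once the target is raised from 1000 to 10,000. The record layout `pbkdf2_sha1$iterations$salt$digest` and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha1"  # label chosen for this example, not a standard format


def hash_password(password: str, iterations: int) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)  # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute using the salt and iteration count stored in the record."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare


def needs_rehash(record: str, target_iterations: int) -> bool:
    """True when the record was created with a lower cost than the target."""
    return int(record.split("$")[1]) < target_iterations


def login(password: str, record: str, target_iterations: int):
    """Verify, then upgrade the stored record if the cost has been raised.

    Returns (ok, record_to_store). The upgrade is only possible at login,
    because that is the only moment the plaintext password is available.
    """
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record, target_iterations):
        record = hash_password(password, target_iterations)
    return True, record


if __name__ == "__main__":
    old = hash_password("correct horse", 1000)  # constructed sample password
    ok, new = login("correct horse", old, 10000)
    print(ok, old.split("$")[1], "->", new.split("$")[1])
```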
