使用Python盐化哈希密码(每个新密码使用不同的盐) [英] Salted Hashed Password with Python (Different salt for every new password)
问题描述
至于我在阅读和研究之后的理解,使用盐的目的应该是每个单一密码的不同盐。
As far as my understanding after reading and researching, the purpose of using salt is supposed to be a different salt for every single password to be stored.
如果使用相同的盐来存储所有密码,我可以理解如何实现这一点,因为我可以将盐存储到一个常量私有变量并使用它。但是不是这样的。
If the same salt is used for storing all password, I can understand how to implement this, as I could just store the salt to a constant private variable and use it. But, that's not the case.
虽然使用新的不同的盐来存储每个新密码是非常有意义的,但是我怎么想知道与哪个用户的密码相关联盐 ?我想到的快速解决方案是存储盐和用户的表属性,也许被称为盐,但这将失去的盐的目的,从第一个地方,如果太容易找到盐数据库。
Though it makes perfect sense for storing every new password with new different salt, but how do I suppose to know which user's password associated to which salt ? The quick solution I thought of, was to store the salt along with the user's table property, maybe called as 'salt', but that will lose the purpose of having the salt from the first place too if it's too easy to find the salt from the database.
任何人都可以这样做?
Can anyone advice on this ?
注意:我使用Python内建的库( hashlib )或Bycrypt( Cryptacular 或 Passlib )
NOTE: I'm using either Python built in library (hashlib) or Bycrypt (Cryptacular or Passlib)
推荐答案
我想到的快速解决方案是将salt与用户的表属性一起存储
The quick solution I thought of, was to store the salt along with the user's table property
你做。了解盐不会真正降低其利益:
That's exactly what you do. Knowing the salt doesn't really detract from their benefits:
- 数据库中相同的密码将有不同的哈希值。
- 彩虹表不会工作。
- 尝试与任何的哈希匹配的暴力攻击将会减慢。 li>
- Identical passwords in your database will have different hashes.
- Rainbow tables won't work.
- Brute-force attacks that attempt to match against any of your hashes will be slowed down.
这篇关于使用Python盐化哈希密码(每个新密码使用不同的盐)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
