使用密码作为salt的md5散列？ [英] md5 hashing using password as salt?

问题描述

  md5（$ password.md5（$ password））
  

<这对密码哈希来说足够好了吗？我并不是要求将这个与bcrypt进行比较。

如果不安全，请告诉我为什么。

md5（12345.md5（12345））并查看它是否与任何条目匹配。

据我所知，您可以在密码表中使用四种哈希级别：

1. 无 - 将密码存储为纯文本。如果有人得到您的数据库的副本，他们有权访问所有帐户。纯文本不好，'mkay？


2. 哈希密码 - 存储密码的哈希值，并丢弃真实密码。如果有人得到您的数据库的副本，他们看不到任何密码，只有哈希值。 然而，如果任何用户使用了弱密码，那么他们的哈希将出现在彩虹表中。例如，如果用户具有密码password，则存储在数据库中的md5散列将是5f4dcc3b5aa765d61d8327deb882cf99。如果我在诸如 gromweb.com 那样的彩虹表中查找哈希，它会吐出outpassword。


3. 使用salt值 - 选择一个像GUID那样的大型随机字符串并将其存储在您的配置文件中。计算散列值之前，将该字符串附加到每个密码。现在彩虹表不太可能工作，因为它可能不会有password59fJepLkm6Gu5dDV或picard59fJepLkm6Gu5dDV的条目。虽然预先计算好的彩虹桌不再有效，但如果攻击者知道你的盐分值，你仍然可能受到影响。攻击者可以计算一个弱密码加上你的salt的散列值，并查看数据库中的任何用户是否使用该弱密码。如果你有几千个用户，那么每个哈希计算都可以让攻击者进行几千个比较。如何实际使用salt可能取决于您使用的加密算法。为了简单起见，可以将它想象为将盐和密码附加在一起。


4. 使用不同的salt值 - 现在您可以使用不同的用户名，电子邮件地址或用户标识，并将其与密码并在计算散列之前从配置文件中获取大的随机字符串。现在，知道您的盐的攻击者仍需重新计算每个用户的散列，以查看他们是否使用了像password这样的弱密码。
   

有关更多详细信息，请查看Coding Horror帖子，你可能会错误地存储密码。

md5($password.md5($password))

is this good enough for password hashing? I am not asking for comparing this to something like bcrypt.

if it is not secure, tell me why.

解决方案

The reason to use a different salt for each user's password is so that an attacker can't take a list of all the hashed passwords and see if any of them match the hash of something easy like "password" or "12345". If you were to use the password itself as salt, then an attacker could calculate md5("12345".md5("12345")) and see if it matched any entries.

As I understand it, there are four levels of hashing you can use on a password table:

1. None - store the password as plain text. If someone gets a copy of your database, they have access to all accounts. Plain text is bad, 'mkay?
2. Hash the password - store the hash of the password, and throw away the real password. If someone gets a copy of your database, they can't see any passwords, only hashes. However, if any users have used weak passwords, then their hashes will appear in rainbow tables. For example, if a user has the password "password", then an md5 hash stored in the database would be "5f4dcc3b5aa765d61d8327deb882cf99". If I look up that hash in a rainbow table like the one at gromweb.com, it spits out "password".
3. Use a salt value - choose a large random string like a GUID and store it in your configuration file. Append that string to every password before calculating a hash. Now the rainbow table is far less likely to work because it probably won't have an entry for "password59fJepLkm6Gu5dDV" or "picard59fJepLkm6Gu5dDV". Although precalculated rainbow tables are not as effective anymore, you can still be susceptible if the attacker knows your salt value. The attacker can calculate the hash of a weak password plus your salt and see if any user in your database uses that weak password. If you've got several thousand users, then each hash calculation lets the attacker make several thousand comparisons. How you actually use the salt may depend on the encryption algorithm you're using. For simplicity, just imagine it as appending the salt and the password together.
4. Use a distinct salt value - now you take something distinct like the user name, e-mail address, or even user id, and combine that with the password and the large random string from your configuration file before you calculate the hash. Now an attacker who knows your salt still has to recalculate the hash for every user to see if they have used a weak password like "password".

For more details, check out the Coding Horror post, "You're probably storing passwords incorrectly".

这篇关于使用密码作为salt的md5散列？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！