盐什么是盐,盐是如何储存在Bcrypt中的? [英] What are Salt Rounds and how are Salts stored in Bcrypt?
问题描述
-
什么是盐'圆'?例如,在github文档中( https://github.com/kelektiv/node.bcrypt .js / )它使用了一个10轮盐。那是什么意思?
Bcrypt生成的盐总是相同的吗?例如,如果我将用户的散列密码保存到数据库中,那么它是用来为每个密码散列密码的盐吗? - salt是一个随机值,每次计算都会有所不同,所以即使对于相同的密码,结果也几乎不会相同。
- 盐通常以可读形式包含在生成的哈希串中。因此,存储哈希串也可以存储盐。有关详情,请参阅此答案。
What is a salt 'round'? For example, in the github docs (https://github.com/kelektiv/node.bcrypt.js/) it uses a salt round of 10. What does that mean exactly?
Is the salt generated by Bcrypt always the same? For example, if I am saving user's hashed passwords to a DB, is the salt that it used to hash the password the same for every password?
How is the salt stored? Is it secure from potential attacks?
- With "salt round" they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing te cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult is brute-forcing.
- The salt is a random value, and should differ for each calculation, so the result should hardly ever be the same, even for equal passwords.
- The salt is usually included in the resulting hash-string in readable form. So with storing the hash-string you also store the salt. Have a look at this answer for more details.
盐储存?它可以安全地抵御潜在的攻击吗? >盐轮实际上意味着成本因素。成本因子控制需要多少时间来计算单个BCrypt哈希。成本因素越高,哈希轮次就越多。将成本因素增加1倍必要的时间。需要的时间越多,暴力就越困难。
I'm trying to configure Bcrypt for a node app that I'm making and have several questions about salts that I hope someone here can help kindly answer.
这篇关于盐什么是盐,盐是如何储存在Bcrypt中的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!