How password is stored and check the authentication??


Question

I want to ask how password is stored and how to check the
authentication?

I have heard password is never encrypted and decrypted, but it is
hashed.

For example, consider a simple email logon authentication in a hash
table:
Key: my email address
Value: hash_function(my plain text password)

The hash_function will hash my password to some number.

When I logon, it will have another function to do the reverse.

If (reverse_hash_function(the password I enter on the logon screen)
== get_value(my email address))
Then Correct Password
Else Wrong Password

I don't know if this is correct. Please comment, and advise.

thanks!!

Recommended answers


jr********@hotmail.com wrote:
> If (reverse_hash_function(the password I enter on the logon screen)
> == get_value(my email address))







ain't no such thing as reverse_hash_function.

you do straight_hash_function on password user typed and match result
against hash of original password.


jr********@hotmail.com wrote:
> I want to ask how password is stored and how to check the
> authentication?
>
> I have heard password is never encrypted and decrypted, but it is
> hashed.
>
> For example, consider a simple email logon authentication in a hash
> table:
> Key: my email address
> Value: hash_function(my plain text password)
>
> The hash_function will hash my password to some number.
>
> When I logon, it will have another function to do the reverse.
>
> If (reverse_hash_function(the password I enter on the logon screen)
> == get_value(my email address))
> Then Correct Password
> Else Wrong Password
>
> I don't know if this is correct. Please comment, and advise.
>
> thanks!!







This post is off-topic in this newsgroup, which deals with C++ language
issues, not specific applications or platform dependencies. Try a forum
about security or encryption.

Cheers! --M


> I want to ask how password is stored and how to check the
> authentication?

Which password? One of mine is stored in an Oracle database in plaintext.

> I have heard password is never encrypted and decrypted, but it is
> hashed.

Some passwords are stored as a one-way hash of the plaintext password.
Some are stored as clear text. How it is stored may have an effect
on the authentication method you use. For example, storing the
password as a hash may make it impossible to use some challenge-response
protocols which need the plaintext password STORED, but never
TRANSMITTED, while the UNIX-style crypt STORES a hashed password
but requires TRANSMISSION of the plaintext password.

Which is more secure depends on the nature of the setup and the
security threat.

> For example, consider a simple email logon authentication in a hash
> table:
> Key: my email address
> Value: hash_function(my plain text password)
>
> The hash_function will hash my password to some number.
>
> When I logon, it will have another function to do the reverse.







Hash functions are generally NOT reversible - and that's the point
of using them. You send the plain text password and the server
computes the hash and compares it against what's in the database.
If it matches, you're in.

Gordon L. Burditt
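
The check described in the answers above (hash what the user typed, compare it with the stored hash), as an added Python example that is not part of the original thread. It goes beyond the thread by using a per-user salt and a deliberately slow hash (PBKDF2); the `users` table, the function names and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your own hardware.
ITERATIONS = 600_000

# Constructed in-memory stand-in for the "hash table" in the question:
# key = email address, value = (salt, derived hash). The password is never stored.
users = {}


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way function: the same password and salt always give the same bytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(email: str, password: str) -> None:
    """Store a fresh random salt and the derived hash for this account."""
    salt = os.urandom(16)  # per-user salt, so equal passwords store differently
    users[email] = (salt, hash_password(password, salt))


def check_login(email: str, typed_password: str) -> bool:
    """Hash what the user typed and compare with the stored hash; nothing is reversed."""
    record = users.get(email)
    if record is None:
        return False
    salt, stored = record
    candidate = hash_password(typed_password, salt)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample account and passwords.
    register("alice@example.com", "correct horse battery staple")
    print(check_login("alice@example.com", "correct horse battery staple"))
    print(check_login("alice@example.com", "wrong guess"))
```
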

