硬编码的密码是否应该加盐/散列? [英] Should hardcoded passwords be salted/hashed?
问题描述
关于简单,无数据库的登录系统,StackOverflow上有很多问题.我正想在最近使用的上建议一种盐腌的散列方法,当时我想:这样做真的有意义吗?那?".
There are many questions on StackOverflow about simple, database-less login systems. I was about to suggest a salted hash approach on a recent one, when I thought: "does it really make sense to do that?".
多年以来,我一直在数据库中存储盐腌哈希,并且我理解为什么它更安全:如果数据库遭到破坏,则其中包含的信息将不允许任何人登录到我的系统(与我存储纯文本时不同)数据库中的密码).
I have been storing salted hashes on databases for years, and I understand why it's more secure: if the database is compromised, the information it contains won't allow anyone to log into my system (unlike if I were storing plain text passwords in the db).
但是在不涉及数据库的设置中,哈希加盐分是否提供任何安全优势?我能想到的唯一原因是,如果攻击者获得了对我的服务器端代码的只读访问权限,则将无法找出任何密码.这可能吗?因为一旦攻击者获得了对文件的写访问权,他就可以做任何事情.
But in a setup that does not involve a database, does hashing+salting offer any security benefits? The only reason I can think of is, if an attacker gains read-only access to my server-side code, it won't be possible to figure out any passwords. Is this a likely scenario? Because as soon as the attacker gains write access to the files, he can do anything.
所以我的问题是:在建立非常简单的无数据库登录系统时,密码应该加盐/散列还是仅以纯文本格式存储?
So my question is: when setting up very simple, database-less login systems, should passwords be salted/hashed, or just stored as plain-text?
推荐答案
我认为,如果您能找到答案,与攻击者相比,我的源代码被阅读的可能性大大小于是数据库吗?".
I think the question is answered for you if you can figure out the answer to, "is my source code significantly less likely to be read by an attacker, than is a database?".
我建议不是这样-也许您的源泄漏的可能性较小,这取决于事物的备份方式等.即使如此,我也怀疑泄漏的可能性要小得多,因此您可以忽略风险您不会忽略数据库的相同风险.数据库中的密码应加盐/散列的原因不是数据库具有某些特殊属性,这意味着攻击者可以查看其内容[*],而是攻击者可以以一种或另一种方式查看各种事物.
I would suggest that it is not -- perhaps your source is somewhat less likely to leak, depending how things are backed up etc. Even so I doubt that it's so much less likely to leak that you can neglect the risk, given that you do not neglect the same risk for databases. The reason that passwords in database should be salted/hashed isn't that there's some special property of databases that means attackers can view their contents[*], it's that attackers can get a look at all kinds of things, one way or another.
实际上,鉴于在系统上工作的任何人都可能需要访问源代码,而并非每个在系统上工作的人都必须访问数据库,因此源代码甚至比数据库泄漏的可能性甚至更大.活动数据库的内容.我并不是说您的开发人员是不诚实的(如果确实如此,则您的问题比密码泄露更严重),仅仅是围绕共享源的物流可能会引入比意外备份多的(或只是不同的)偶然泄露的方式.数据库.
In fact source code might even be more likely to leak than a database, given that anyone working on the system might need access to the source, whereas not everyone working on a system necessarily needs access to the contents of the live DB. Not that I think your developers are dishonest (if they are, you have worse problems than the password leaking), just that the logistics around sharing source might introduce more (or just different) ways it can accidentally leak, than the logistics around backing up a DB.
就您个人而言,我会在服务器上创建一个小文件,其中包含散列/加盐的密码,几乎没有其他内容.安装应用程序不同实例的用户可以生成自己的此文件版本,其中包含自己的密码,与实际的应用程序代码分开.他们应该使用与源代码相同的写访问限制来锁定它.
Personally, in your situation I would create a small file on the server containing the hashed/salted password and approximately nothing else. Users installing different instances of the app can generate their own versions of this file, containing their own password, separate from the actual application code. They should lock it down with the same write-access restrictions as they do the source code.
您将此文件称为只读数据库"还是服务器代码的一部分"都不会影响攻击者查看它的难易程度,尽管这可能会影响您是否将密码称为硬编码".
Whether you call this file "a read-only database" or "part of the server code" doesn't affect how easy it is for an attacker to view it, although it might affect whether you refer to the password as "hard-coded".
[*]当然,对于特定的数据库,SQL注入攻击或其他任何方式,都存在潜在的缺陷.这些不是决定对数据库密码进行加密和哈希处理的决定性原因.
[*] of course there are potential flaws that are special to particular databases, SQL injection attacks or whatever. Those are not the decisive reason why passwords in databases should be salted and hashed.
这篇关于硬编码的密码是否应该加盐/散列?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
