我可以通过对现有的MD5哈希值加盐并使用Scrypt或PBKDF2 HMACSHA256对结果进行哈希值来提高MD5哈希密码的安全性吗? [英] Can I improve the security of MD5 hashed passwords by salting the existing MD5 hash and hash the result using Scrypt or PBKDF2 HMACSHA256?
问题描述
我有一个使用MD5进行盐析和哈希处理的旧密码数据库.我想更新系统,以使数据更安全.
I have a database of legacy passwords that were salted and hashed using MD5. I would like to update the system so that the data is more secure.
第一种选择是,当用户登录并在一段时间后停用旧用户时,将用户转换为新的哈希方案(Salt + Scrypt或PBKDF2 HMACSHA256),因此他们必须使用密码恢复功能,该功能将自动更新他们的哈希值.
The first option is to transition the users to a new hashing scheme (Salt + Scrypt or PBKDF2 HMACSHA256) when they login and deactivate old users after a certain period of time so they have to use the password recovery feature which would automatically update their hash.
另一个让我立即升级每个人的选项是采用现有的MD5哈希,为每个哈希添加新的随机盐值,然后使用新的哈希方案(Salt + Scrypt或PBKDF2 HMACSHA256)对结果进行哈希处理将该值存储到数据库中并删除旧值.
Another option that would allow me to instantly upgrade everyone would be to take the existing MD5 hashes, add a new random salt value to each, and then hash the result using the new hashing scheme (Salt + Scrypt or PBKDF2 HMACSHA256) and store that value to the database and delete the old value.
然后,当用户登录时,我将必须应用旧方法,然后应用新方法.我更喜欢第二个选项,因为它使我能够迟早从数据库中删除所有旧的不安全哈希.
Then when users login, I would have to apply the old, and then the new method. I like the second option better since it allows me to remove all the old insecure hashes from the database sooner than later.
添加盐和重新哈希现有的哈希值是否安全? MD5是否是如此损坏,以至于我可以运行一个脚本来对哈希值进行散列并使用新方案重新散列它们?
Is it secure to salt and rehash the existing hashes? Is MD5 so broken that I can run a script to de-hash the passwords and rehash them using the new scheme?
也许最好的解决方案是将这两种选择结合起来?这样,我不必在数据库中保留不安全的现有MD5哈希,并且可以在一段时间内将用户迁移到新系统吗?
Or maybe the best solution is to do a combination of both options? This way I don't have to leave the existing MD5 hashes unsecured in the database and I can migrate users to the new system for a period of time?
推荐答案
MD5并不是很破损,您可以轻松地对所有密码进行散列处理,但是假设密码的质量不太好,那么您可能会蛮横强制将它们转换为更安全的新格式. MD5的损坏是因为它的长度相对较短(碰撞表面更多)并且计算简单(意味着蛮力攻击比运行时间复杂度更高的算法(例如SHA2)更可行)
MD5 is not so broken that you can de-hash all the passwords easily, but assuming the quality of the passwords isn't too good then you could probably brute force them and convert them to the new, more secure format. The brokenness of MD5 results from it's relatively small length (more collision surface) and it's computationally simple calculation (meaning brute force attacks are more feasible than algorithms that have larger run-time complexity such as SHA2)
如果您是我,那么我将按照您列出的两种方法进行操作(因为正如您所提到的,快速转移密码对于数据库被黑很重要).首先,我将蛮力强制使用所有蛮横的MD5密码并将其转换为新格式.我过去曾经这样做过,到目前为止,最好的结果是使用 HashCat (最好使用Cuda或OCL口味,因为它们使用GPU,速度提高了200倍).如果Hashcat太难了(学习曲线可能很陡峭),请尝试
If I were you I'd do both methods you listed (because as you mentioned, getting the passwords moved over quickly is important in case your DB is hacked). First I would brute force all the brute forcible MD5 passwords and convert them to the new format. I have done this in the past, and by far the best results have been using HashCat (the Cuda or OCL flavors preferably since they use the GPU and are 200 times faster). If Hashcat is too difficult (the learning curve can be steep), then try John the Ripper. It is a lot slower than HashCat but it's a lot easier to use.
对于您无法破解的密码,请使用户帐户过期并让他们重置密码.为了使您的用户更好,请在下次用户发送两个哈希值时将数据库中的密码更新为新格式.如果MD5检出,则将其销毁并用新格式替换.这些只是一些想法.
For the passwords that you can't crack, expire the user's account and have them reset the password. Or to be nicer to your users, just update the password in the database to the new format the next time they log in by sending both hashes. If the MD5 checks out, then destroy it and replace it with the new format. These are just some ideas.
忘记提及了,如果您只是想将MD5密码散列为新的格式,那将是很好的安全考虑,尽管这会给您的代码增加另一层复杂性,并且在存在复杂性的地方还有实现的空间缺陷.只是要考虑的事情.
Forgot to mention that if you want to just hash the MD5 passwords into the new format that would be just fine security-wise, though it adds another layer of complexity to your code, and where there is complexity there is room for implementation flaws. Just something to think about.
这篇关于我可以通过对现有的MD5哈希值加盐并使用Scrypt或PBKDF2 HMACSHA256对结果进行哈希值来提高MD5哈希密码的安全性吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
