Changing the hashing function on a pre-existing database

Question

I'm doing a bit of reading on hashing for passwords. I've seen that SHA-256 > MD5. This got me thinking about how an app may deal with changing from one hashing function to another. What happens if someone implements an app that hashes their passwords using MD5. They then decide that SHA-256 is the way to go. But of course the password hashes stored in the database are in MD5.

What is the process for migrating the data in the database from one hashing function to another?

Recommended answer

It is not possible to "unhash" passwords (at least not in a general, efficient and reliable way -- you can guess some passwords, that's what attackers do, and you want to migrate from MD5 precisely because attackers may have some success at it). So the migration will be spread over time: some passwords will be hashed with MD5, others with SHA-256. When a password is to be verified:

  • If the SHA-256 of that password is known, SHA-256 is used. This password is already migrated.
  • Otherwise, MD5 is used to check the password. If it matches, then the password is good, and, since the password is known by the app at that time, the app also hashes the password with SHA-256 and replaces the MD5 hash with the SHA-256 hash in the database.

Thus, passwords are migrated dynamically; to get totally rid of MD5, you have to wait a long time and/or destroy accounts which have not been accessed for a long time. You need to be able to distinguish an MD5 hash from a SHA-256 hash, which is easy since they have distinct sizes (16 bytes for MD5, 32 bytes for SHA-256). You could also add a flag or any other similar gimmick.

Please note that hashing passwords with a raw single application of a hash function is a pretty lousy way of doing it, security-wise, and replacing MD5 with SHA-256 will not really improve things. You hash passwords so that an attacker who gains read access to the database will not learn the passwords themselves. To really prevent the attacker from guessing the passwords, you also need "salts" (per-password random data, stored alongside the hashed password) and a suitably slow hash function (i.e. thousands, possibly millions, of nested hash function invocations). See this answer for details. The short answer: since you are envisioning migration, do the smart thing and migrate to bcrypt, not SHA-256 (see that answer on security.stackexchange).
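The login-time migration described in the answer, as an added example that is not part of the original post. It marks migrated records with a scheme tag (the "flag" option) and uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt so that it runs without third-party packages; the `db` dictionary, the function names, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune it for your hardware
TAG = "pbkdf2"        # scheme flag that marks a migrated record


def hash_new(password: str) -> str:
    """Salted, slow hash stored as tag$iterations$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{TAG}${ITERATIONS}${salt.hex()}${dk.hex()}"


def check_new(password: str, stored: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def check_legacy_md5(password: str, stored: str) -> bool:
    digest = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(digest, stored.lower())


def verify_and_migrate(db: dict, user: str, password: str) -> bool:
    """Check a login and upgrade the record if it is still raw MD5."""
    stored = db.get(user)
    if stored is None:
        return False
    if stored.startswith(TAG + "$"):
        return check_new(password, stored)      # already migrated
    if not check_legacy_md5(password, stored):
        return False
    db[user] = hash_new(password)  # the plaintext is only available right now
    return True


def unmigrated(db: dict) -> list:
    """Accounts still on MD5, i.e. no successful login since the change."""
    return sorted(u for u, h in db.items() if not h.startswith(TAG + "$"))


def sample_db() -> dict:
    """Constructed sample: two accounts stored as unsalted hex MD5."""
    return {"alice": hashlib.md5(b"correct horse").hexdigest(),
            "bob": hashlib.md5(b"hunter2").hexdigest()}
```

A failed login never rewrites the record, and `unmigrated()` gives the list of accounts that still have to be waited on or retired.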
