您如何在现有的密码哈希中加盐? [英] How would you add salt to your existing password hashes?

问题描述

我有一个哈希密码数据库，在哈希密码之前没有添加盐.我想在新密码中加盐.显然，我无法重新哈希现有的.

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can't re-hash the existing ones.

您将如何迁移到新的哈希系统?

How would you migrate to a new hashing system?

推荐答案

可以.只需将盐添加到现有的哈希中，然后再次对其进行哈希即可.当然，这将需要将来进行任何登录，都需要经过相同的过程，这意味着将需要调用两个哈希函数，但是无论如何，很多合法的模式都可以这样做，因此它的气味不会像您想象的那么糟糕.

Sure you can. Just add a salt to the existing hash and hash it again. Of course this will require any future logins to go through the same process meaning two hash functions will need to be called but lots of legitimate patterns do this anyway so it doesn't smell as bad as you might think.

为密码设置密码是为了防范彩虹表.在这种情况下，盐不必是秘密.

Salting a password is an effort to defend against rainbow tables. In this case the salt does not need to be a secret.

http://en.wikipedia.org/wiki/Rainbow_tables#Defense_against_rainbow_tables

您实际上可以在文章中看到

You can actually see in the article

hash = MD5 (MD5 (password) . salt)

与您将使用的方法完全相同. (除了其他哈希函数之外.)

Which is the same exact method you would be using. (Except a different hashing function.)

这篇关于您如何在现有的密码哈希中加盐?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！