What is "salt" when relating to MYSQL sha1?


Question

What is "salt" when relating to MYSQL sha1? I have no idea what salt is when relating to sha1 password encryptions? Can someone please explain what it is?

Recommended answer

A salt is a value that is added to a password (or other secret) which you want to hash one way. This means it could be before, after, or somewhere inside the password, as long as its position and value are consistent for a given supplied password.

What this does is it mitigates dictionary attacks - basically dictionaries of common passwords pre-hashed with no salt - from being used to "guess" a one way password as long as the attacker does not know the hash. If every password has a different hash then it makes it very difficult for an attacker to create a dictionary optimized for cracking your passwords (they would need a dictionary for each separate salt and they would also need to know where the salt was placed in each password).

Of course for all of this to be applicable an attacker must have the hashes of your passwords in the first place. This has nothing to do with attacking passwords by guessing them through some input prompt.

Regarding MySQL specifically, if you provide a salt when hashing a password, make sure you record what that salt was somewhere. Then when a user attempts authentication you combine that recorded salt value with the password (during the call to crypt for example) and if the resulting hash matches then they have entered the correct password. (Note that at no time is the hashing of a password reversed; thus one way.)
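
The storage and verification flow described in the answer, as an added example that is not part of the original answer: a constructed user table holds each password both as a plain SHA-1 digest and as a per-user salted digest, and the code checks which rows match a dictionary hashed once with no salt. The function names, the 16-byte salt and the salt-before-password layout are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

def unsalted_sha1(password):
    """Plain SHA-1 of the password: same input gives the same digest for every user."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_with_salt(password, salt=None):
    """Return (salt_hex, digest_hex). A fresh random salt is drawn per password and
    must be recorded next to the digest so the hash can be recomputed at login."""
    if salt is None:
        salt = os.urandom(16)  # assumption: 16 random bytes, placed before the password
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return salt.hex(), digest

def verify(password, salt_hex, stored_digest):
    """Recombine the recorded salt with the supplied password and compare digests."""
    _, candidate = hash_with_salt(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored_digest)  # constant-time comparison

def build_users(passwords):
    """Constructed 'users' table: one row per user holding both storage styles."""
    table = {}
    for user, pw in passwords.items():
        salt_hex, digest = hash_with_salt(pw)
        table[user] = {"unsalted": unsalted_sha1(pw), "salt": salt_hex, "salted": digest}
    return table

def rows_matching_precomputed(table, column, precomputed):
    """Users whose stored digest appears in a dictionary hashed once with no salt."""
    return sorted(user for user, row in table.items() if row[column] in precomputed)

# Constructed sample data: two users picked the same common password.
SAMPLE = {"alice": "letmein", "bob": "letmein", "carol": "V9#tq!2mLx"}
PRECOMPUTED = {unsalted_sha1(word) for word in ("123456", "password", "letmein")}

if __name__ == "__main__":
    users = build_users(SAMPLE)
    print("unsalted rows in dictionary:",
          rows_matching_precomputed(users, "unsalted", PRECOMPUTED))
    print("salted rows in dictionary:  ",
          rows_matching_precomputed(users, "salted", PRECOMPUTED))
    print("alice login ok:",
          verify("letmein", users["alice"]["salt"], users["alice"]["salted"]))
```

SHA-1 appears here only because the question is about it; a fast digest stays cheap to guess one password at a time even when salted, so new systems use a deliberately slow password hash such as bcrypt, scrypt or Argon2.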
