HMAC SHA1对密钥和消息使用相同的值 [英] HMAC SHA1 using the same value for key and message

问题描述

我正在处理一些C#安全代码，当我看到它正在使用HMACSHA1类时将要替换它.该代码用于对存储在数据库中的密码进行哈希处理.引起我注意的是，它使用密码作为HMAC密钥，而这正是计算哈希值的原因.那么，将数据同时用于键和事物就可以了吗?这会使安全性变得更强或更弱吗?

I'm working on some C# security code and was about to replace it when I saw that it was using the HMACSHA1 class. The code is used to hash a password for storing in the database. The thing that caught my eye was that it uses the password as the HMAC key which is exactly what is computing the hash for. So is using the data for both the key and the thing your hashing OK? Does this make the security stronger or weaker?

伪代码:

string pwd = "My~!Cra2y~P@ssWord1#123$";

using (HMACSHA1 hasher = new HMACSHA1())
{
    hasher.Key = encoding.GetBytes(pwd); // using password for the key
    return BytesToHex(hasher.ComputeHash(encoding.GetBytes(pwd))); // computing the hash for the password
}

推荐答案

与两次迭代的无盐SHA1哈希值一样强.即非常虚弱.

It's about as strong as an unsalted SHA1 hash with two iterations. i.e. pretty weak.

缺乏盐分使攻击者可以创建彩虹表，或者只是同时攻击数据库中的所有密码哈希.

The lack of salt allows an attack to create rainbow tables, or simply attack all password hashes in your database at the same time.

低迭代次数使攻击快速进行，因为攻击者可以简单地尝试更多的候选密码.

The low iteration count makes the attack fast, since the attacker can simply try more password candidates.

您应该添加盐，并使用较慢的哈希方法，例如PBKDF2和bcrypt. .net类 Rfc2898DeriveBytes 实现PBKDF2，因此我建议使用那个.

You should add a salt, and use a slower hashing method, such as PBKDF2 and bcrypt. The .net class Rfc2898DeriveBytes implements PBKDF2, so I recommend using that one.

这篇关于HMAC SHA1对密钥和消息使用相同的值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！