Using 512-hash before Bcrypt?


Question

I want to use Bcrypt for the password encryption in my systems. But all the examples are something like this:

$password = $_POST['password'];
$salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
$hash = crypt($password, '$2a$12$'.$salt);

This looks pretty safe to me, but I was wondering, in each example, nobody hashes the password before using Bcrypt.

Due to the unique salt, Rainbow tables shouldn't be able to crack all the passwords at once. But in case the hacker takes one record and creates a rainbow table with the salt of that particular record, he should be able to crack a weak password.

So if someone takes a weak password (let's say 'foo'), it would be safer to hash it first with SHA-512 before using Bcrypt. Am I right? Or is this just looking safer?

Recommended answer

Actually the answer has to be no, it doesn't make the hash significantly stronger in a cryptographic sense. As you probably know, bcrypt (although the function to use is named crypt) is a hash function itself, not an encryption function.

In bcrypt you pass a cost factor, which defines how many iterations will be done (normally hundreds of them). That slows down calculation of the hash, which makes brute force attacks impracticable. Using SHA-512 before will only add one more iteration.

What you said about the salt is correct, but of course if you have to build a rainbow table for each password, you will simply brute force until you have found a match, no need to build the whole rainbow table.

If the attacker has control over the database and the code, an additional SHA-512 will help nothing at all (only a single iteration more). If he has only the database without the code (SQL injection), then he will recognize the bcrypt hash. He can now brute force with bcrypt, but because of the SHA-512 there aren't any weak passwords. It's like the SHA-512 hash would be the password to crack, so a dictionary is of no use. This is security by obscurity, but will be effective as long as the code is not known. You can get the same effect more easily by adding a fixed hard-coded salt (key) before using bcrypt with the unique salt.
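
The answer's last suggestion (a fixed server-side key applied before bcrypt with its unique salt), as an added example that is not part of the original answer. It uses PHP's password_hash() in place of the crypt() call from the question; PEPPER and the function names are assumptions. The keyed digest is base64-encoded because bcrypt reads its input as a NUL-terminated string and uses only the first 72 bytes.

```php
<?php
// Added example: keyed pre-hash (HMAC-SHA-512) followed by bcrypt.
// PEPPER is a constructed placeholder value. In a real system the key is
// loaded from configuration that is stored outside the database.
const PEPPER = 'constructed-example-key-do-not-reuse';

/**
 * Turn the password into a keyed SHA-512 digest.
 * The raw digest can contain 0x00 bytes, which would cut bcrypt's input
 * short, so it is returned as base64 text (88 characters). bcrypt uses the
 * first 72 of them, which still carry 432 bits of the digest.
 */
function prehash(string $password, string $key): string
{
    $raw = hash_hmac('sha512', $password, $key, true); // 64 raw bytes
    return base64_encode($raw);
}

/**
 * Hash for storage. password_hash() generates the unique per-record salt
 * itself; cost 12 matches the '$2a$12$' prefix used in the question.
 */
function hash_password(string $password, string $key): string
{
    return password_hash(prehash($password, $key), PASSWORD_BCRYPT, ['cost' => 12]);
}

/** Verify a login attempt against the stored bcrypt hash. */
function verify_password(string $password, string $hash, string $key): bool
{
    return password_verify(prehash($password, $key), $hash);
}

// The weak password from the question, hashed once and checked three ways.
$stored = hash_password('foo', PEPPER);

var_dump(verify_password('foo', $stored, PEPPER));          // right password, right key
var_dump(verify_password('foo', $stored, 'different-key')); // database only, key unknown
var_dump(verify_password('bar', $stored, PEPPER));          // wrong password
```

The second call is the database-only case from the answer: without the key, even a correct dictionary guess does not verify. Once the key leaks together with the code, only bcrypt's cost factor protects a weak password.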
