密码哈希 [英] Password Hashing

问题描述

我正在创建一个存储用户密码的Web应用程序。我想知道程序员可以用来哈希密码的最佳方法/算法是什么？

I am creating a web application which stores users passwords. I was wondering what are the best methods / algorithms that a programmer can use to hash passwords?

推荐答案

诸如< a href = http://en.wikipedia.org/wiki/Bcrypt rel = nofollow> bcrypt 或 PBKDF2 通常被认为比普通哈希更好，因为破解它们需要更多资源。这样做的缺点是生成和验证它们也需要更多的资源。 您的资源。

Key strengthening techniques such as bcrypt or PBKDF2 are generally considered better than plain hashes since cracking them requires more resources. The downside of this is that generating and verifying them also requires more resources; your resources.

无论您选择哪种算法，始终使用适合的，按用户使用的盐。

Regardless of exactly which algorithm you choose, always use a suitable, per-user salt.

这篇关于密码哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！