保护哈希码? [英] protect hash code?
问题描述
我敢肯定,所有这一切都有一些根本的意义,可以简化我所缺少的整个概念,但这是可行的:
I'm sure there's something fundamental to all of this that simplifies the whole concept that I'm missing, but here goes:
好的,你加盐了吗?散列密码以提高安全性,但是执行密码的代码又如何呢?
OK, you salt & hash passwords for security, but what about the code that does it?
如果您在主机或vps上,某人"无法在此编译源b/c吗?或者,如果他们可以访问您的数据库,他们不能访问进行加密/解密并对其进行暴力破解的程序,直到他们获得算法为止?
If you're on a host or vps, can't "someone" get ahold of your source b/c you compiled it there? Or, if they can access your database, can't they access the program that does the encryption/decryption and bruteforce it until they get the algorithm?
我知道没有什么可以100%安全的,但是在这种情况下如何提高安全性呢?
I know nothing can ever be 100% secure, but how can security be improved in this context?
推荐答案
在您的数据遭到破坏的情况下,盐析会在某种程度上保护数据免受字典或彩虹表攻击.蛮力不是不可能的,但是会很慢,并且需要为每个密码哈希再次执行蛮力.如果不加盐,则蛮力攻击变得容易得多.
Salting will protect the data somewhat from a dictionary or rainbow table attack in the case that your data was compromised. Brute force is not impossible, but will be slow and will need to be performed again for each password hash. If salting was not done, brute force attacks become much easier to attain.
与某些人所说的相反,盐没有以任何特殊方式保护(也不是必需的),而是以纯文本形式出现在哈希表后面. 确实,但是对于每个哈希而言,它必须是唯一的,否则对于此用途而言,它将变得毫无意义.这与用于所有哈希且必须受到保护的胡椒形成对比.由于这种区别,除非保证不限制胡椒粉的摄取(不是一件容易的事),否则通常建议加盐.
Contrary to what some say, the salt is not protected in any special way (nor does it need to be), but is present in plain text as appended to the hash. It does however, need to be unique for each hash or it becomes pointless for this use. This is in contrast to a pepper that is used for all hashes and must be protected. Because of this distinction, salting is generally preferred unless access to the pepper is guaranteed to be restricted (not an easy task).
如果要提高安全性,请不要使用共享主机.并且不允许直接访问数据库.并且不允许未经预筛选的任何人访问您的系统.从实际意义上讲,这些并非总是可行的选择.所以只要用盐和它一起生活:)
If you want improved security, don't use a shared host. And don't allow direct access to the database. And don't allow anyone that hasn't been prescreened to access your system. In a practical sense, these aren't always viable options. So just use a salt and live with it :)
这篇关于保护哈希码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
