Password Hashing: PBKDF2 (using sha512 x 1000) vs Bcrypt


Question

I've been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is secure enough to avoid switching to another method. In my current application I have opted for a PBKDF2 implementation utilising sha2-512 and a minimum of 1000 iterations.

Can I ask for opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change?

Recommended answer

You're good with PBKDF2, no need to jump to bcrypt.

Although the recommendation to use 1000 iterations was made in the year 2000; now you'd want much more.

Also, you should take more care when using bcrypt:

It is also worth noting that while bcrypt is stronger than PBKDF2 for most types of passwords, it falls behind for long passphrases; this results from bcrypt's inability to use more than the first 55 characters of a passphrase. While our estimated costs and NIST's estimates of passphrase entropy suggest that bcrypt's 55-character limitation is not likely to cause problems at the present time, implementors of systems which rely on bcrypt might be well-advised to either work around this limitation (e.g., by "prehashing" a passphrase to make it fit into the 55-character limit) or to take steps to prevent users from placing too much password entropy in the 56th and subsequent characters (e.g., by asking users of a website to type their password into an input box which only has space for 55 characters).

From the scrypt paper [PDF]

That said, there's also scrypt.

Any comparisons would be incomplete without the table from the scrypt paper mentioned above:

Iteration counts for PBKDF2-HMAC-SHA256 used there are 86,000 and 4,300,000.
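The following is an added example, not code from the question or the answer above. It shows the two practical points the answer makes about PBKDF2-HMAC-SHA512: the work factor must be stored with each hash so that old 1000-iteration records can be re-hashed at a higher count when the user next logs in, and PBKDF2 consumes the whole passphrase, so (unlike the bcrypt truncation the quoted scrypt passage describes) entropy in the 56th and later characters is not discarded. The record format (`pbkdf2_sha512$iterations$salt$hash`) and the 600,000-iteration target are assumptions chosen for the example; the target should be measured against the deploying system's latency budget and raised over time.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor for newly created hashes. The 1000-iteration figure dates from
# the year-2000 recommendation and is far too low now. 600,000 is an assumed
# value for this example, not a universal constant: measure it on the
# deployment's hardware and raise it as hardware gets faster.
TARGET_ITERATIONS = 600_000
SALT_BYTES = 16
DK_LEN = 64  # derived-key length in bytes; matches the SHA-512 output size


def hash_password(password: str, iterations: int = TARGET_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha512$iter$salt_b64$dk_b64.

    The iteration count is stored alongside the hash so it can be raised
    later without invalidating existing accounts.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    # hashlib.pbkdf2_hmac consumes the entire passphrase; there is no
    # truncation, so the 56th and later characters still contribute.
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                             iterations, dklen=DK_LEN)
    return "pbkdf2_sha512$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a stored record into (iterations, salt, derived_key)."""
    algo, iters, salt_b64, dk_b64 = record.split("$")
    if algo != "pbkdf2_sha512":
        raise ValueError("unsupported record format: " + algo)
    return int(iters), base64.b64decode(salt_b64), base64.b64decode(dk_b64)


def verify_password(password: str, record: str) -> bool:
    """Recompute PBKDF2 with the record's own salt and iteration count and
    compare in constant time, so timing does not leak how many leading
    bytes of the derived key matched."""
    iterations, salt, expected = parse_record(record)
    actual = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                                 iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, target: int = TARGET_ITERATIONS) -> bool:
    """True when the record was made with fewer iterations than we want now."""
    iterations, _, _ = parse_record(record)
    return iterations < target


def login(password: str, stored_record: str) -> Tuple[bool, str]:
    """Return (ok, record_to_store).

    The only moment the plaintext password is available is at login, so a
    record made with a stale work factor is re-hashed at the current target
    then. Over time the whole user table migrates to the new count.
    """
    if not verify_password(password, stored_record):
        return False, stored_record
    if needs_rehash(stored_record):
        return True, hash_password(password)
    return True, stored_record


if __name__ == "__main__":
    # Constructed sample: a record created under the old 1000-iteration advice.
    legacy = hash_password("correct horse battery staple", iterations=1000)
    ok, upgraded = login("correct horse battery staple", legacy)
    print("login ok:", ok, "| upgraded iterations:", parse_record(upgraded)[0])
    # Two 60-character passphrases differing only in their 60th character
    # still derive different keys under PBKDF2 (same salt for the comparison).
    s = bytes(SALT_BYTES)
    a, b = "a" * 59 + "x", "a" * 59 + "y"
    print("long passphrases distinguished:",
          hash_password(a, 2000, s) != hash_password(b, 2000, s))
```

The `login` helper is where the answer's "now you'd want much more" advice becomes operational: bumping `TARGET_ITERATIONS` is a one-line change and every account upgrades itself on its next successful login, with no forced password reset.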
