我们可以使用CNG(Windows密码学API)生成BCrypt/SCrypt/Argon2哈希密码吗? [英] Can we generate BCrypt / SCrypt / Argon2 hash password using CNG (Windows Cryptography API)?
问题描述
使用CNG(Windows密码学API:下一代)是否可以生成BCrypt/SCrypt/Argon2哈希密码?
Is it possible with the CNG (Windows Cryptography API: Next Generation) to generate BCrypt / SCrypt / Argon2 hash password ?
BCrypt是一种计算困难的算法,旨在存储通过单向哈希函数输入密码.您输入您的算法的密码以及有效(相对)后的密码计算,产生输出.自从上世纪90年代后期,该信息已受到严格审查安全/加密社区.它被证明是可靠和安全的随着时间的流逝.
BCrypt is a computationally difficult algorithm designed to store passwords by way of a one-way hashing function. You input your password to the algorithm and after significant (relative) computation, an output is produced. Bcrypt has been around since the late 90s and has handled significant scrutiny by the information security/cryptography community. It has proven reliable and secure over time.
Scrypt是对出现Bcrypt的相同模型的更新.加密被设计为依赖于高内存需求,而不是对计算能力的高要求.导致的认识这是因为专用计算机芯片(FPGA/ASIC/GPU)可能是攻击者大规模购买比大量购买更容易传统计算机的内存.
Scrypt is an update to the same model from which Bcrypt arose. Scrypt is designed so as to rely on high memory requirements as opposed to high requirements on computational power. The realization that lead to this, was that specialized computer chips (FPGA/ASICs/GPUs) could be purchased at scale by an attacker easier than could huge amounts of memory for a traditional computer.
推荐答案
简短回答
否.
CryptoAPI或下一代Crypto API(CryptNG)都不支持 bcrypt , scrypt 或 argon2
Neither CryptoAPI nor Crypto API Next Generation (CryptNG) support bcrypt, scrypt, or argon2
bcrypt是 blowfish 加密算法的自定义版本.CNG不支持河豚.即使是这样,bcrypt也会使用带有自定义昂贵" 密钥设置的bcrypt版本.
bcrypt is a customized version of the blowfish encryption algorithm. Blowfish is not supported by CNG. And even if it was, bcrypt uses a version of bcrypt with a custom "expensive" key setup.
scrypt是(几乎)PBKDF2,CNG支持 :
scrypt is (nearly) PBKDF2, which is supported by CNG:
Byte[] scrypt(String password, int DesiredNumberOfBytes, ...)
{
Byte[] salt = SpecialScryptSaltGeneration(password, ...)
return PBKDF2(password, salt, DesiredNumberOfBytes, 1);
}
,但 SpecialScryptSaltGenration 使用的是CNG中未包含的原语(ChaCha,Salsa/20).
but the SpecialScryptSaltGenration uses primitives not included in CNG (ChaCha, Salsa/20).
Argon2使用的自定义基元在任何地方都不存在.
Argon2 uses custom primitives that don't exist anywhere.
这篇关于我们可以使用CNG(Windows密码学API)生成BCrypt/SCrypt/Argon2哈希密码吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
