How does salt work in Rails' has_secure_password


Question

From what I understand from salting to make an encrypted password more secure, I would generate a random number (the salt) and store it alongside the hashed password, in the user record (for example). I would concatenate the salt with the plaintext password and then encrypt it (hash). The resulting hash would be much more difficult to crack. This process would be repeated to verify the password.

Looking at has_secure_password and bcrypt_ruby (disclosure: I am not a security expert) I don't see how that is done, as the only thing stored in the user record is the hashed password. Where's the salt?

Recommended answer

The password hash and salt are saved in a string column called password_digest in the database. See this question.
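
The layout of a password_digest value, as an added example that is not part of the original answer: bcrypt's output string carries the version, cost and salt in front of the hash, which is why no separate salt column exists. The digest below is a sample string in bcrypt format used only for its structure, and the helper names are hypothetical.

```ruby
# Splits a bcrypt digest, as stored in password_digest, into its fields.
# Layout: $<version>$<cost>$<22-char salt><31-char hash>
# bcrypt encodes salt and hash with its own base64 alphabet, without padding.
BCRYPT_ALPHABET =
  './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.freeze

DIGEST_FORMAT =
  /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

# Decodes bcrypt-base64 text to raw bytes, dropping the trailing partial byte.
def decode_bcrypt_base64(text)
  bits = text.each_char
             .map { |c| BCRYPT_ALPHABET.index(c).to_s(2).rjust(6, '0') }
             .join
  [bits[0, bits.length - (bits.length % 8)]].pack('B*')
end

# Returns the fields of a digest, or raises if the column holds something else
# (for example a legacy unsalted hash or plaintext left over from a migration).
def parse_bcrypt_digest(digest)
  m = DIGEST_FORMAT.match(digest.to_s)
  raise ArgumentError, 'not a bcrypt digest' unless m

  { version: m[1], cost: m[2].to_i, salt: m[3], checksum: m[4],
    salt_bytes: decode_bcrypt_base64(m[3]) } # 22 chars decode to 16 bytes
end

# Version, cost and salt together are everything bcrypt needs, besides the
# candidate password, to recompute the hash at verification time.
def salt_prefix(digest)
  f = parse_bcrypt_digest(digest)
  format('$%s$%02d$%s', f[:version], f[:cost], f[:salt])
end

# Sample string in bcrypt format (used here only to show the structure).
SAMPLE_DIGEST = '$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW'.freeze

if __FILE__ == $PROGRAM_NAME
  fields = parse_bcrypt_digest(SAMPLE_DIGEST)
  puts "version:  #{fields[:version]}"
  puts "cost:     #{fields[:cost]} (2**#{fields[:cost]} key-expansion rounds)"
  puts "salt:     #{fields[:salt]} (#{fields[:salt_bytes].bytesize} bytes)"
  puts "checksum: #{fields[:checksum]}"
  puts "prefix reused on verification: #{salt_prefix(SAMPLE_DIGEST)}"
end
```

Because the salt travels inside the digest, verification reads it back from the stored string and rehashes the submitted password with it; a value that fails this parse should be treated as a record that was never hashed with bcrypt.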
