使用随机盐改进密码散列 [英] Improve password hashing with a random salt

问题描述

我正在创建一个网站，我正在尝试决定如何加密用户密码以将它们存储在 SQL 数据库中.

I'm starting a website and I'm trying to decide how to encrypt user passwords to store them in a SQL database.

我意识到使用简单的 md5(密码)是非常不安全的.我正在考虑使用 sha512(password.salt)，并且我一直在研究生成有用盐的最佳方法.我阅读了许多文章，指出盐应该尽可能随机以向散列添加熵，这看起来是个好主意.但是:

I realize that using a simple md5(password) is very unsecured. I'm considering using a sha512(password.salt), and I have been researching the best way to generate a useful salt. I read numerous articles stating that a salt should be as random as possible to add entropy to the hash and it looks like a great idea. But:

• 您需要将随机盐与散列一起存储
• 鉴于攻击者以某种方式获取了您的哈希密码(并试图将哈希反转为纯文本)，这意味着他可能转储了您的数据库，然后还可以访问您的随机盐

数据库中散列旁边看起来很奇怪的值是盐，这不是很明显吗?如果攻击者可以访问盐和哈希值，那如何更安全?

Isn't it obvious that the weird looking value next to the hash in the database is a salt? If the attacker can access the salt along with the hash value, how is that more secure?

有人在这方面有任何专业知识吗?谢谢！

Anyone has any expertise in that area? Thanks!

推荐答案

攻击者允许"知道盐 - 您的安全性必须以一种方式设计，即使知道盐它仍然是安全的.

An attacker is "allowed" to know the salt - your security must be designed in a way that even with the knowledge of the salt it is still secure.

盐有什么作用?

Salt 使用预先计算的彩虹表"帮助防御蛮力攻击.
对于攻击者来说，Salt 使蛮力变得更加昂贵(在时间/内存方面).
计算这样的表是昂贵的，通常只有在它可以用于多个攻击/密码时才进行.
如果您对所有密码使用相同的盐，攻击者可以预先计算这样的表，然后将您的密码强行转换为明文...
只要您为要存储哈希值的每个密码生成一个新的(最佳加密强度)随机盐就没有问题.

Salt aids in defending against brute-force attacks using pre-computed "rainbow-tables".
Salt makes brute-force much more expensive (in time/memory terms) for the attacker.
Calculating such a table is expensive and usually only done when it can be used for more than one attack/password.
IF you use the same salt for all password an attacker could pre-compute such a table and then brute-force your passwords into cleartext...
As long as you generate a new (best cryptogrpahically strong) random salt for every password you want to store the hash of there is no problem.

如果您想进一步加强安全性
您可以多次计算散列(散列散列等) - 这不会花费您太多，但它会使蛮力攻击/计算彩虹表"更加昂贵......请不要发明自己- 有经过验证的标准方法可以这样做，例如参见 http://en.wikipedia.org/wiki/PBKDF2和 http://www.itnewb.com/tutorial/Encrypting-Passwords-with-PHP-for-Storage-Using-the-RSA-PBKDF2-Standard

注意:

现在使用这种机制是强制性，因为CPU 时间"(可用于彩虹表/蛮力等攻击)越来越广泛使用(例如，请参阅以下事实:亚马逊的云服务在全球最快的超级计算机中名列前 50 名，任何人都可以使用相对较少的费用)！

Using such a mechanism is these days mandatrory since "CPU time" (usable for attacks like rainbow tables/brute force etc.) is getting more and more widely available (see for example the fact that Amazon's Cloud service is among the top 50 of fastest supercomuters worldwide and can be used by anyone for a comparatively small amount)!

这篇关于使用随机盐改进密码散列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！