将旧密码移动到新的散列算法? [英] Moving old passwords to new hashing algorithm?

问题描述

我正在将一个站点切换到 Rails.这是一个相当大的网站，拥有 50k+ 用户.问题是，现有的密码散列方法非常弱.我有两个选择:

I'm switching a site over to rails. It's quite a large site with 50k+ users. The problem is, the existing password hashing method is extremely weak. I have two options:

1) 切换到新算法，为每个人生成随机密码，然后将这些密码通过电子邮件发送给他们，然后要求立即更改

1) Switch to a new algorithm, generate random passwords for everyone and then email them those passwords and require the change immediately after

2) 实现新算法，但使用之前的旧算法，然后对结果进行散列.例如:

2) Implement new algorithm but use the the old one before and then hash the result. For example:

密码:abcdef =算法1=> xj31ndn =算法2=> $21aafadsada214

Password: abcdef =Algorithm 1=> xj31ndn =Algorithm 2=> $21aafadsada214

任何新密码都需要通过原始算法(md5)，然后对结果进行散列(如果有意义)?这有什么缺点吗?

Any new passwords would need to go through the original algorithm (md5) and then have the result of that hashed if that makes any sense? Is there any disadvantage to this?

推荐答案

一般情况下不需要重新设置密码，等待用户下次登录即可.

Normally it's not necessary to reset the passwords, one can just wait until the user logs in the next time.

1. 首先尝试使用新算法验证输入的密码.届时，新密码和已转换密码的验证时间将不会更长.
2. 如果不匹配，则将其与旧的哈希算法进行比较.
3. 如果旧的哈希值匹配，那么您可以计算并存储新的哈希值，因为那时您知道密码.

每个密码存储系统都必须可以选择切换到更好的哈希算法，您的问题不是一次性迁移问题.像 BCrypt 这样好的密码散列算法有一个成本因素，有时你不得不增加这个成本因素(因为更快的硬件)，然后你需要与迁移所需的完全相同的过程.

Every password-storing-system must have the option to switch to a better hash algorithm, your problem is not a one-time migration problem. Good password hash algorithms like BCrypt have a cost factor, from time to time you have to increase this cost factor (because of faster hardware), then you need the exact same procedure as you need for the migration.

如果您的第一个算法真的很弱，并且您想立即提供更多保护，那么您对旧哈希进行哈希处理的选项 2 是一件好事.在这种情况下，您可以计算双散列并将数据库中的旧散列替换为新的双散列.

Your option 2 with hashing the old hash is a good thing, if your first algorithm is really weak, and you want to give more protection immediately. In this case you can calculate a double-hash and replace the old hash in the database with the new double-hash.

$newHashToStoreInTheDb = new_hash($oldHashFromDb)

您还应该标记此密码哈希(了解原因)，以便您可以将其识别为双重哈希.这可以在单独的数据库字段中完成，或者您可以包含您自己的签名.现代密码哈希函数还包括算法签名，以便它们可以升级到更新的算法，并且仍然可以验证旧的哈希.该示例显示了 BCrypt 哈希的签名:

You should also mark this password-hash (see why), so you can recognize it as double-hash. This can be done in a separate database field, or you can include your own signature. Modern password hash functions also include a signature of the algorithm, so that they can upgrade to newer algorithms, and still can verify older hashes. The example shows the signature of a BCrypt hash:

$2y$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
___
 |
 signature of hash-algorithm = 2y = BCrypt

验证将像这样运行:

1. 决定它是否是双哈希.
2. 如果是新的hash，调用新的hash函数验证输入的密码，大功告成.
3. 如果是双哈希，则与双哈希算法new_hash(old_hash($password))进行对比.
4. 如果双哈希值匹配，则可以计算并存储新的哈希值.

这篇关于将旧密码移动到新的散列算法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！