Best practice for hashing passwords - SHA256 or SHA512?


Question

I am currently using SHA256 with a salt to hash my passwords. Is it better to continue using SHA256 or should I change to SHA512?

Accepted answer

Switching to SHA512 will hardly make your website more secure. You should not write your own password hashing function. Instead, use an existing implementation.

SHA256 and SHA512 are message digests; they were never meant to be password-hashing (or key-derivation) functions. (Although a message digest could be used as a building block for a KDF, such as in PBKDF2 with HMAC-SHA256.)

A password-hashing function should defend against dictionary attacks and rainbow tables. In order to defend against dictionary attacks, a password hashing scheme must include a work factor to make it as slow as is workable.

Currently, the best choice is probably Argon2. This family of password hashing functions won the Password Hashing Competition in 2015.

If Argon2 is not available, the only other standardized password-hashing or key-derivation function is PBKDF2, which is an oldish NIST standard. Other choices, if using a standard is not required, include bcrypt and scrypt.

Wikipedia has pages for these functions:

NIST does not recommend using message digests such as SHA2 or SHA3 directly to hash passwords! Here is what NIST recommends:

Memorized secrets SHALL be salted and hashed using a suitable one-way key derivation function. Key derivation functions take a password, a salt, and a cost factor as inputs then generate a password hash. Their purpose is to make each password guessing trial by an attacker who has obtained a password hash file expensive and therefore the cost of a guessing attack high or prohibitive. Examples of suitable key derivation functions include Password-based Key Derivation Function 2 (PBKDF2) [SP 800-132] and Balloon [BALLOON].
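The answer's point is that a salt alone does not help against dictionary attacks; the scheme also needs a tunable work factor, and the parameters should be stored with the hash so the cost can be raised later. The following is an added example, not code from the question or the answer, showing the standardized option the answer mentions, PBKDF2-HMAC-SHA256, using only the Python standard library. The record format (`algorithm$iterations$salt$hash`), the iteration count and the function names are assumptions made for this example; the `naive_salted_sha256` function is there only to stand in for what the question describes.

```python
"""Salted, work-factored password hashing with PBKDF2-HMAC-SHA256.

Added example: stores the algorithm, iteration count and salt next to the
derived key so that verification reproduces the exact parameters and the
work factor can be raised over time without invalidating old records.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
# Work factor. This number is an assumption for the example; tune it so a
# single hash takes a noticeable fraction of a second on your login servers,
# and raise it as hardware gets faster.
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16          # 128-bit random salt, unique per password
DERIVED_KEY_BYTES = 32   # 256-bit output


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str,
                  iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh salt: identical passwords hash differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DERIVED_KEY_BYTES)
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(dk)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters embedded in the record; compare in constant time."""
    try:
        algorithm, iterations_str, salt_b64, dk_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations_str)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
    except (ValueError, TypeError):
        return False  # malformed record: treat as a failed login, never raise to the caller
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    # compare_digest does not short-circuit on the first differing byte.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record predates the current work factor (or uses another algorithm).

    Call this after a successful login and re-hash the plaintext you just
    verified, so old records are upgraded transparently over time.
    """
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    return int(parts[1]) < iterations


def naive_salted_sha256(password: str, salt: bytes) -> str:
    """What the question describes: a single SHA-256 over salt || password.

    The salt still defeats precomputed tables, but there is no work factor,
    so each guess costs the attacker one SHA-256 call.
    """
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("Tr0ub4dor&3", record))
    # A record made with a lower cost is flagged for upgrade at next login.
    old = hash_password("correct horse battery staple", iterations=10_000)
    print("needs rehash:", needs_rehash(old))
```

Because the iteration count travels with the record, `verify_password` works for hashes produced under any previous setting, and `needs_rehash` tells the login handler when to replace the record with one at the current cost. If Argon2 is available (for example via the `argon2-cffi` package), the same record-plus-parameters pattern applies; only the derivation call changes.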
