如何*正确*存储密码? [英] How to store passwords *correctly*?

问题描述

我在 SO 中偶然发现的一篇 文章 提供的链接其他文章将提供的链接转至更多 文章 等

An article that I stumbled upon here in SO provided links to other articles which in turn provided links to even more articles etc.

最后我完全被难住了 - 那么在数据库中存储密码的最佳方法是什么?据我所知，你应该:

And in the end I was left completely stumped - so what is the best way to store passwords in the DB? From what I can put together you should:

• 使用长(至少 128 个完全随机位)盐，它以明文形式存储在密码旁边；
• 对加盐密码使用多次迭代的 SHA-256(甚至更高的 SHA 级别).

但是……我对密码学的了解越多，我就越明白我什么都不懂，而且我多年来一直认为是正确的事情实际上是完全错误的.这里有这方面的专家吗?

But... the more I read about cryptography the more I understand that I don't really understand anything, and that things I had thought to be true for years are actually are flat out wrong. Are there any experts on the subject here?

补充:似乎有些人没有抓住重点.我重复上面给出的最后一个链接.这应该可以澄清我的担忧.

Added: Seems that some people are missing the point. I repeat the last link given above. That should clarify my concerns.

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2007/july/足够的彩虹表-你需要知道的安全密码方案/

推荐答案

你说得对.只有两个建议:

You got it right. Only two suggestions:

1. 如果有一天 SHA1 变得太弱而您想使用其他东西，则不可能对旧密码进行散列并使用新方案重新散列它们.出于这个原因，我建议在每个密码上附加一个版本"号，告诉您使用的方案(盐长度、哈希值、次数).如果有一天您需要从 SHA 切换到更强大的密码，您可以创建新式密码，同时在数据库中保留旧式密码，并且仍然可以将它们区分开来.将用户迁移到新方案会更容易.

1. If one day SHA1 becomes too weak and you want to use something else, it is impossible to unhash the old passwords and rehash them with the new scheme. For this reason, I suggest that attached to each password a "version" number that tells you what scheme you used (salt length, which hash, how many times). If one day you need to switch from SHA to something stronger, you can create new-style passwords while still having old-style passwords in the database and still tell them apart. Migrating users to the new scheme will be easier.

密码仍然从用户传到系统，没有加密.如果有问题，请查看 SRP.SRP 太新了，您应该对实施它有点偏执，但到目前为止它看起来很有希望.

Passwords still go from user to system without encryption. Look at SRP if that's a problem. SRP is so new that you should be a little paranoid about implementing it, but so far it looks promising.

结果 bcrypt 在想法 1 上击败了我.存储的信息是 (cost, salt, hash)，其中 cost 是哈希完成的次数.看起来 bcrypt 做了一些正确的事情.增加哈希的次数，无需用户干预.

Turns out bcrypt beat me to it on idea number 1. The stored info is (cost, salt, hash), where cost is how many times the hashing has been done. Looks like bcrypt did something right. Increasing the number of times that you hash can be done without user intervention.

这篇关于如何*正确*存储密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！